The UK’s National Crime Agency has arrested four people over a series of disruptive cyberattacks that targeted leading British retailers earlier this year.
The authorities detained three teenage males and one 20-year-old female in the West Midlands and London on suspicion of Computer Misuse Act offenses, blackmail, money laundering and participating in the activities of an organized crime group, the agency said in a statement Thursday.
The arrests were made in connection with an investigation into hacks in April that targeted Marks & Spencer Group Plc, Co-Op and Harrods.
The attack on M&S locked down the company’s internal systems with ransomware, causing weeks of disruption to online sales and an estimated £300 million ($408 million) hit to its operating profit. Meanwhile, the Co-Op said hackers stole data from its internal systems on “a significant number” of its customers.
Read more: M&S, Co-op Cyberattackers Duped IT Help Desks Into Resetting Passwords, Report Says
Paul Foster, head of the National Crime Agency’s cybercrime unit, said the investigation into the attacks was one of his organization’s top priorities.
“Today’s arrests are a significant step in that investigation but our work continues, alongside partners in the UK and overseas, to ensure those responsible are identified and brought to justice,” Foster said in the statement.
A spokesperson for M&S said that the company welcomed the development and thanked the crime agency “for its diligent work on this incident.”
A Co-Op spokesperson said its members were pleased their cooperation led to the arrests. Harrods did not respond to a request for comment.
Read More: M&S Says April Cyberattack Caused by Third-Party Impersonation
The suspects were arrested at their home addresses on Thursday and had electronic devices seized, according to the National Crime Agency. Three are British nationals and a 19-year-old male from the West Midlands is Latvian, investigators said.
Retail companies around the world have been plagued by a campaign of cyberattacks that some researchers attribute to Scattered Spider, a loosely affiliated English-speaking hacking gang that targets companies and individuals.
A group resembling Scattered Spider recently moved from targeting retail to insurance companies and airlines, according to Charles Carmakal, chief technology officer at Google’s Mandiant.
The National Crime Agency declined to comment on if those arrested were affiliated with the group.
The hackers worked with another cybercrime gang, known as DragonForce, to carry out the UK retail attacks, Bloomberg News reported previously. Dragonforce rents out malicious software, known as ransomware, to other hackers. Typically, ransomware encrypts files stored on computers and the hackers then demand payment in cryptocurrency to unlock the files.
The incident occurred as a result of “sophisticated impersonation” of one of the retailer’s third-party users, Marks & Spencer Chairman Archie Norman told a UK parliamentary committee on Wednesday.
“It’s fair to say that everybody at M&S experienced it,” he said. “We’re still in the rebuild mode and will be for some time to come,” though things would return to normal for customers by the end of this month, Norman added.
Photograph: The M&S website following a cyber attack; photo credit: Jose Sarmento Matos/Bloomberg.
Related:
- M&S Says April Cyberattack Caused by Third-Party Impersonation
- UK Companies Should Have to Disclose Major Cyberattacks, M&S Says
- M&S Expects Cyberattack Impact to Be Over by August, CEO Says
- After 46-Day Cyberattack Pause, British Retailer M&S Resumes Online Orders
- Marks & Spencer Says Cyberattack to Cost £300 Million
Was this article valuable?
Here are more articles you may enjoy.
California Surplus Lines Take-Up Soars as Brokers Work to Find Coverage for Clients 
Villages Health System Sees $350 Million in Medicare Overcharges 
Nursing Homes Struggle With Trump’s Immigration Crackdown 
US Tariffs Projected to Slow Global Economy and Insurance Premium Growth: Swiss Re 
