Kaspersky Urges Proactive Action in Alleged Cyberattack on UK Retailer

Illustration of cyber attacks (photo: Freepik)

JAKARTA - The UK's National Crime Agency (NCA) on Thursday, July 10, announced the arrest of four individuals in connection with a series of major cyberattacks targeting well-known British retailers, namely Marks & Spencer (M&S), Co-op, and Harrods.

The four were arrested on suspicion of violating the Computer Misuse Act, blackmail, money laundering, and involvement in an organized crime group.

"Since these attacks occurred, the NCA's dedicated cyber investigators have been working swiftly, and this investigation has become one of our highest priorities," said Deputy Director Paul Foster, head of the NCA's National Cybercrime Unit.

According to the Cyber Monitoring Centre (CMC), the April 2025 cyberattacks on M&S and Co-op resulted in estimated financial losses of between 270 million and 440 million euros (approximately Rp6.4 trillion–Rp10.5 trillion).

Although the NCA did not name the criminal group involved, some analysts suspect the attacks were carried out by a decentralized cyber group called Scattered Spider.

Marc Rivero, Lead Security Researcher, Kaspersky GReAT (Global Research & Analysis Team/GReAT), described Scattered Spider as a persistent and skilled adversary.

"Such attacks represent a complex crisis for any company, and the actions taken depend heavily on the specific consequences of each attack and the company's security posture," Rivero said.

According to Rivero, if an organization has been encrypted and has no backups, paying the ransom may seem like the only option. However, that's not always the case.

"It's also important to remember that paying doesn't guarantee that cybercriminals will return the stolen data, and even after the ransom is paid, cybercriminals often retain the stolen data," he concluded.