Malware Alert - Retailers Targeted by Ransomware Attacks from Scattered Spider Threat Actor Group
Type: Malware
Malware Alert
Current Status and Related Trends
Threat intelligence has revealed that several well-known retailers, including Marks & Spencer (M&S), Co-op, and Harrods, have reportedly been hit by ransomware attacks linked to the "Scattered Spider" group, severely impacting their business operations [1][2].
"Scattered Spider" is a threat group that primarily uses social engineering tactics. Their common attack methods involve phishing, SIM swapping, multi-factor authentication (MFA) fatigue attacks, and impersonating IT support staff to carry out fraud. The attackers steal internal account credentials of enterprises and then move laterally across the entire network. In previous attacks, the attackers performed discovery and exfiltrated high-value digital assets, including proprietary code repositories, code-signing certificates, and source code. Eventually, the attackers deployed the DragonForce ransomware to encrypt virtual machines on VMware ESXi hosts.
The attackers' main objectives are to encrypt corporate systems, steal data for ransom, or threaten to disclose sensitive information. The previous attacks caused disruptions to retailers' contactless payments, online orders, and warehouse operations. These attacks have had a profound impact on the retail industry and may also lead to data breaches and financial losses for victims.
Source:
[1] "Marks & Spencer confirms a cyberattack as customers face delayed orders" BleepingComputer
[2] "Harrods the next UK retailer targeted in a cyberattack" BleepingComputer
mickmick.net recommends that users should:
- Implement phishing-resistant MFA and educate users on recognizing social engineering and phishing attempts.
- Enforce least privilege access policies to limit unauthorized access.
- Maintain offline and encrypted backups.
- Deploy email filtering tools and implement network segmentation.
- Update software and systems regularly and install anti-virus software.
- Create a robust incident response plan.
For further information, see https://www.hkcert.org/publications/fight-ransomware.
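One way to detect the MFA fatigue pattern named in this alert, as an added example that is not part of the original alert: it flags users who receive repeated denied or timed-out push prompts within a short window, and raises the severity when an approval follows the burst. The log format, event names, and thresholds are assumptions to adapt to your identity provider; the sample lines are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events (not real logs): timestamp, user, MFA push result.
SAMPLE_LOG = """\
2025-05-01T02:10:05Z alice push_denied
2025-05-01T02:10:40Z alice push_denied
2025-05-01T02:11:15Z alice push_timeout
2025-05-01T02:12:02Z alice push_denied
2025-05-01T02:12:30Z alice push_approved
2025-05-01T09:00:00Z bob push_denied
2025-05-01T09:00:20Z bob push_approved
2025-05-01T03:00:00Z carol push_denied
2025-05-01T03:00:30Z carol push_denied
2025-05-01T03:01:00Z carol push_timeout
"""

def parse(line):
    # Hypothetical three-field format: ISO timestamp, user, result.
    ts, user, result = line.split()
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), user, result

def detect_mfa_fatigue(log_text, threshold=3, window=timedelta(minutes=10)):
    """Alert on >= threshold failed pushes per user inside the window.
    'high' if an approval follows the burst, otherwise 'medium'."""
    events = sorted(parse(l) for l in log_text.splitlines() if l.strip())
    recent = defaultdict(deque)   # user -> timestamps of recent failed pushes
    alerts = {}
    for ts, user, result in events:
        q = recent[user]
        while q and ts - q[0] > window:   # drop failures older than the window
            q.popleft()
        if result in ("push_denied", "push_timeout"):
            q.append(ts)
            if len(q) >= threshold:
                a = alerts.setdefault(
                    user, {"user": user, "failed": 0, "severity": "medium"})
                a["failed"] = max(a["failed"], len(q))
        elif result == "push_approved":
            if len(q) >= threshold:       # approval right after a burst
                alerts[user]["severity"] = "high"
            q.clear()
    return sorted(alerts.values(), key=lambda a: a["user"])

if __name__ == "__main__":
    for alert in detect_mfa_fatigue(SAMPLE_LOG):
        print(alert)
```

A "high" result is a prompt to revoke the user's sessions and verify the approval with the user out of band; a "medium" result indicates a burst that the user resisted, which still suggests the password is compromised.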