Co-op narrowly averted being locked out of its computer systems during the cyber attack that saw customer data stolen and store shelves left bare, the hackers who claim responsibility have told the BBC. The revelation could help explain why Co-op hasstarted to recovermore quickly than fellow retailer M&S, which had its systems more comprehensively compromised, and is still unable to carry out online orders. Hackers who have claimed responsibility for both attacks told the BBC they tried to infect Co-op with malicious software known as ransomware - but failed when the firm discovered the attack in action. Both Co-op and M&S declined to comment. The gang, using the cyber crime service DragonForce, sent the BBC a long, offensive rant about their attack. "Co-op's network never ever suffered ransomware. They yanked their own plug - tanking sales, burning logistics, and torching shareholder value," the criminals said. But cyber experts like Jen Ellis from the Ransomware Task Force said the response from Co-op was sensible. "Co-op seems to have opted for self-imposed immediate-term disruption as a means of avoiding criminal-imposed, longer-term disruption. It seems to have been a good call for them in this instance," she said. Ms Ellis said these kinds of crisis decisions are often taken quickly when hackers have breached a network and can be extremely difficult. Speaking exclusively to the BBC, the criminals claimed to have breached Co-op's computer systems long before they were discovered. "We spent a while seated in their network," they boasted. They stole a large amount of private customer data and were planning to infect the company with ransomware, but were detected. Ransomware is a kind of attack where hackers scramble computer systems and demand payment from victims in exchange for handing back control. It would also have made the restoration of Co-op's systems more complex, time-consuming and expensive - exactly the problems M&S appears to be wrestling with. The criminals claim they were also behind the attack on M&S which struck over Easter. Although M&S has yet to confirm it is dealing with ransomware, cyber experts have long said that is the situation and M&S has not issued any advice or corrections to the contrary. Nearly three weeks on, the retailer is still struggling to get back to normal, as online orders are still suspended and some shops have had continued issues with contactless payments and empty shelves this week. An analysis from Bank of America estimates the fallout from the hack is costing M&S £43m per week. On Tuesday, M&S admitted personal customer data was stolen in the hack, which could include telephone numbers, home addresses and dates of birth. It added the data theft did not include useable payment or card details, or any account passwords - but nonetheless urged customers to reset their account details and be wary of potential scammers using the information to make contact. Co-op seems to be recovering more quickly, saying its shelves will start to return to normal from this weekend. Nonetheless it is expected to feel the effects of the cyber attack for some time. "Co-op have acted quickly and their work on the recovery helps to soften things slightly, but rebuilding trust is a bit harder," Prof Oli Buckley, a cyber security expert at Loughborough University, told the BBC. "It will be a process of showing that lessons have been learned and there are stronger defences in place," he added. The same cyber-crime group has also claimed responsibility foran attempted hackof the London department store Harrods. The hackers who contacted the BBC say they are from DragonForce which operates an affiliate cyber crime service so anyone can use their malicious software and website to carry out attacks and extortions. It's not known who is ultimately using the service to attack the retailers, but some security experts say the tactics seen are similar to that of a loosely coordinated group of hackers who have been called Scattered Spider or Octo Tempest. The gang operates on Telegram and Discord channels and is English-speaking and young – in some cases only teenagers. Conversations with Co-op hackers were carried out in text form - but it is clear the hacker, who called himself a spokesperson, was a fluent English speaker. They say two of the hackers want to be known as "Raymond Reddington" and "Dembe Zuma" after characters from US crime thriller Blacklist which involves a wanted criminal helping police take down other criminals on a 'blacklist'. The hackers say "we're putting UK retailers on the Blacklist". Sign up for our Tech Decoded newsletterto follow the world's top tech stories and trends.Outside the UK? Sign up here.
Co-op narrowly avoided an even worse cyber attack, BBC learns
TruthLens AI Suggested Headline:
"Co-op Prevents Severe Cyber Attack While M&S Struggles to Recover"
Bbc News
7.6
TruthLens AI Summary
The Co-op supermarket chain narrowly avoided a more severe cyber attack that could have locked it out of its computer systems, according to hackers who claimed responsibility for the incident. They revealed to the BBC that they attempted to infect Co-op with ransomware but failed when the company detected the attack. This quick response is believed to have allowed Co-op to recover faster than rival retailer M&S, which faced a more extensive compromise and is still struggling to resume normal operations. Cybersecurity expert Jen Ellis commended Co-op's decision to proactively disrupt its own operations to prevent more significant damage, highlighting the challenging nature of crisis management in such situations. While both Co-op and M&S declined to comment on the attacks, the hackers boasted about having infiltrated Co-op's systems prior to detection, stealing customer data and planning a ransomware attack that was ultimately thwarted.
In contrast, M&S has confirmed the theft of personal customer data during its cyber attack, which has severely impacted its operations, leading to suspended online orders and ongoing issues in stores. An analysis from Bank of America estimated that the fallout from M&S's breach is costing the company approximately £43 million per week. Although M&S has assured customers that payment details were not compromised, the company has urged them to remain vigilant against potential scams. Meanwhile, Co-op aims to restore its operations, with shelves expected to return to normal soon, although experts warn that rebuilding trust with customers will take time and effort. The same group of hackers, associated with the DragonForce cyber crime service, has also claimed responsibility for an attempted breach of the London department store Harrods, indicating a wider trend of coordinated cyber attacks targeting UK retailers. Experts suggest that these hackers operate within loosely organized groups and utilize online platforms like Telegram and Discord to coordinate their efforts.
TruthLens AI Analysis
The news article outlines a significant cyber attack on Co-op, revealing that the company narrowly avoided a more severe incident involving ransomware. This situation is noteworthy, especially in comparison to another retailer, M&S, which is still grappling with the consequences of a more extensive cyber compromise. The article raises various implications regarding cybersecurity, corporate decision-making, and public perception.
Purpose Behind the Article
The primary goal of this article seems to be to inform the public about the cybersecurity challenges faced by major retailers, particularly highlighting Co-op's decisive actions that may have mitigated a worse outcome. By focusing on the contrast between Co-op and M&S, the article may intend to instill a sense of reassurance regarding Co-op's recovery process while also emphasizing the growing threat of cybercrime.
Perception Management
The article appears to aim at shaping public perception of Co-op as a company that acted wisely during a crisis. By portraying its quick response as a proactive measure, it seeks to enhance the company's image in light of the attack. This framing could influence customer confidence and loyalty.
Information Omission
While the article details the cyber attack's nature and Co-op's response, it does not thoroughly explore the implications of the stolen customer data or the potential long-term effects on customer trust and business operations. This omission may suggest an attempt to downplay potential risks associated with the cyber breach.
Credibility Assessment
The article seems credible as it cites specific comments from cybersecurity experts and includes perspectives from the hackers themselves, providing a multi-faceted view of the situation. However, the lack of commentary from Co-op and M&S raises questions about the completeness of the information presented.
Public Sentiment
This article may resonate more with audiences concerned about data security and corporate accountability. It may attract support from communities advocating for stronger cybersecurity measures and consumer protection.
Market Impact
The implications of this article could influence stock market perceptions of Co-op and M&S. Investors might react to the perceived efficacy of Co-op's crisis management compared to M&S's ongoing struggles, potentially impacting share prices in the retail sector.
Geopolitical Relevance
While the article primarily focuses on a corporate issue, it reflects broader concerns about cybersecurity that are relevant in today's digitally dependent world. As cyber threats continue to evolve, the implications of such attacks might resonate with global discussions on security and privacy.
AI Involvement in Writing
There is no clear indication that artificial intelligence was used in crafting this article. However, the structured presentation and flow of information suggest a deliberate editorial process rather than an AI-generated narrative. The way the article balances technical details with expert opinions may reflect human editorial decisions, aiming to create a compelling narrative.
Manipulative Elements
The article does not overtly manipulate information but may create a narrative that favors Co-op's response. By emphasizing their quick decision-making and contrasting it with M&S's struggles, it subtly guides public sentiment towards viewing Co-op in a more favorable light.
In conclusion, the article serves to inform the public about a significant cybersecurity event while also shaping perceptions about corporate responsibility and crisis management. The nuanced presentation of facts and expert opinions adds to its credibility, although certain aspects remain underexplored.