In a recent cyber attack, the Co-op narrowly avoided a complete lockdown of its computer systems, which could have resulted in far more severe consequences. The attackers, who claimed responsibility for the incident, revealed to the BBC that their attempt to infect Co-op's systems with ransomware was thwarted when the company discovered and interrupted the cyber attack in progress. This quick action on Co-op's part may explain why the company is recovering more swiftly than M&S, another retailer targeted by the same hackers but with a more extensively compromised system. Both Co-op and M&S have declined to comment on the attacks. The hackers, using a cyber crime service called DragonForce, expressed frustration in a long, offensive message to the BBC. They were particularly annoyed that Co-op's IT team took the proactive step of taking their computer services offline, a move that effectively prevented the hackers from continuing their infiltration. The cyber criminals stated, "Co-op's network never ever suffered ransomware. They yanked their own plug—tanking sales, burning logistics, and torching shareholder value." Cybersecurity experts, such as Jen Ellis from the Ransomware Task Force, have praised Co-op's decision. Ellis explained that the company's choice to endure short-term disruption by taking systems offline was a strategic move to prevent more severe, long-term damage imposed by criminals. According to Ellis, these crisis decisions are often made quickly and are not easy to implement. The hackers, speaking exclusively to the BBC, claimed they had infiltrated Co-op's systems long before detection, stealing a significant amount of customer data and planning a ransomware attack. Ransomware is a type of malware that locks users out of their systems until a ransom is paid. If successful, such an attack would have made recovery for Co-op more complicated, mirroring the challenges currently faced by M&S. M&S was targeted in a similar attack over the Easter period, and while the company has not officially confirmed dealing with ransomware, experts widely believe this to be the case. Nearly three weeks after the attack, M&S continues to struggle with its operations. Online orders remain suspended, and some stores are experiencing issues with contactless payments and stock shortages. Bank of America estimates the financial fallout from the hack is costing M&S £43 million per week. On a recent update, M&S acknowledged that personal customer data was stolen in the attack, which could include information such as telephone numbers, home addresses, and dates of birth. However, they assured customers that no usable payment or card details, nor any account passwords, were compromised. Nevertheless, they advised customers to reset their account details and remain vigilant against potential scams. In contrast, Co-op appears to be on a faster path to recovery, with the company announcing that its store shelves should start returning to normal soon. Despite this progress, Co-op is expected to face the repercussions of the cyber attack for some time. Cybersecurity expert Prof. Oli Buckley from Loughborough University highlighted the importance of rebuilding trust with customers, noting that while Co-op's rapid response was beneficial, showing lessons have been learned and stronger defenses are in place will be crucial. The same cyber-crime group responsible for the attacks on Co-op and M&S has also claimed an attempted hack on the London department store Harrods. The hackers, operating under the DragonForce banner, offer a cyber crime service that allows anyone to use their software and platforms to conduct attacks and extortions. Security experts believe these tactics are reminiscent of a loosely connected group of hackers known as Scattered Spider or Octo Tempest, who operate on platforms like Telegram and Discord. The group is reportedly English-speaking and composed of young individuals, some possibly teenagers. The conversation with the Co-op hackers was conducted in text form, with the spokesperson demonstrating fluent English. They revealed that two of their members prefer to be known as "Raymond Reddington" and "Dembe Zuma," inspired by characters from the American crime thriller "Blacklist." The hackers boldly declared their intention to target UK retailers, stating, "we're putting UK retailers on the Blacklist." These incidents underscore the growing threat of cyber attacks on major retailers and the importance of robust cybersecurity measures. Companies are urged to learn from these attacks and strengthen their defenses to protect both their systems and customer data. As the digital landscape continues to evolve, staying ahead of potential threats remains a critical challenge for businesses worldwide.