Illustration: JMiks | Shutterstock
British police have nabbed four individuals as part of a National Crime Agency (NCA) investigation into cyber attacks that disrupted retail chains M&S, Co-op, and Harrods. Suspects include two males aged 19, one male aged 17, and a 20-year-old female from the West Midlands and London on July 10.
All four have been arrested on charges of Computer Misuse Act offences, blackmail, money laundering, and participating in the activities of an organised crime group, according to an NCA report. The arrests took place at their home addresses, and their electronic devices have been seized for digital forensic analysis, with the suspects themselves being in custody for questioning by NCA’s National Cyber Crime Unit officers.
All three attacks took place in April 2025, with M&S confirming that the attack was ransomware in nature after initially having to pause online orders due to the attack. The attacks cost the retail chain nearly $402,000,000 in profits.
Co-op also had to shut several of its IT systems down during the attack, affecting operations. M&S and Co-op were only some of the retail chains attacked during a spree of similar ransomware-like attacks that struck retail chains across Europe and the US.
M&S chairman Archie Norman revealed that the attacks were aimed at deploying the DragonForce ransomware. BleepingComputer reported that the hackers tried to install the same ransomware strain on Co-op servers; however, the company shut down its servers before the encryptor could be deployed. M&S wasn’t so lucky, and the attack ended up being successful.
The NCA’s report doesn’t mention the ransomware group or Scattered Spider, the cybercrime group attributed to the attacks. However, the ages, ethnicity, and social engineering tactics used by the arrested individuals match the usual profile of Scattered Spider members, as established from previous arrests in the US, UK, and Spain.
In the News: McDonald’s AI bot leaks job applicants’ data
