We look at the recent cyberattacks on the SPAR store chain that affected over 300 stores in the UK and discuss the responsibility for an attack like this is.
Ransomware has surged in 2021 as individuals and organizations have become more dependant on digital platforms following the Covid-19 lockdown. There are already audit reports for 2022 of high-risk areas in business, and at the top of this list comes ransomware. “Ransomware is resulting in revenue and data loss, compromized data, reputational damage, significant operational disruption, and more,” said Zachary Ginsburg, research director, Gartner Audit and Risk practice.
The news broke this week that SPAR was hit by largescale cyber ransomware. This attack targeted the James Hall & Company in Preston, Lancashire, not the main store chain. This company is integral to operations as they are the primary supply wholesaler for the company. The attack affected SPAR’s tills and IT systems, implemented by James Hall. This has caused stores across the country to close their doors, and the ones that have stayed open can only accept cash payments.
This is not the first time a cyberattack has caused mass disruption to a store chain; July saw hackers causing over 500 Coop stores tills to crash in Sweden. In this case, it was found that the access point was through Kesaya, an IT management software company based in Florida. The offenders, in this case, were identified as the Russian hacker group REvil.
Most would question if this attack on Spar was REvil’s handiwork also, but back in July, it was reported that this group’s online presence suddenly disappeared. Its websites and blogs overnight became inaccessible. There have been some questionable sources that have come forward saying the US FBI had managed to shut down areas of its site, so it decided to shut down its online presence altogether.
Though REvil briefly disappeared, it resurfaced again only a few months later. Whether this is precisely the same group or a new variant of the organization is yet to be confirmed. Its return sparked the creation of Anti-REvil task forces in Europe and the US. Some REvil affiliates were arrested in November 2021 and were undoubtedly used as an example of how countries are cracking down on cybercrime.
These arrests beg the question: Is REvil responsible for this? In August, security company BlackFog reported on ransomware attacks. Its findings showed REvil accounted for more than 23% of the attacks it tracked last month. Though some of the members since then were arrested, these sorts of organizations can be seen as a legion, when if one is taken down, another will always replace them. This latest attack is remarkably similar to the other attacks REvil has been credited for, such as Acer, JBS, Quanta Computer, and more.
As we review cyberattacks like SPAR and Coop, it begs the question, does responsibility solely sit with attackers, or do organizations need to do more to ensure that a company is protected? Access was most likely gained through James Hall’s technical payment system used in the SPAR chain, so some responsibility needs to be taken by James Hall and SPAR. Both companies have a duty as service providers to protect customers who entrust them with their payment details when using their cards in-store.
Warnings were given earlier this year at the Cyber Polygons training event that saw over 7 million visitors attend that we would see a massive wave of cyberattacks. These warnings have been proven accurate, though the warning itself may have posed something of a challenge to attackers to try.
During the Cyber Polygons event, simulations were run on the threat of a largescale global cyberattack, showing that companies need to be more flexible and active with security protocols. This seems to be a warning that SPAR did not adhere to, and it has cost it greatly.
SPAR noticed the issues around 6.30pm and closed its stores almost immediately. The extent of the threat became increasingly clear overnight as it decided not to reopen stores again. That is a reasonably impressive response time, and they will put recovery measures into effect, such as those outlined by Rubrik in its ransomware recovery plan. SPAR needs to concentrate on proactive prevention in the future, rather than reactive responses to protect its customer and staff. There are many methods now to secure a company from ransomware, and these are constantly evolving to match new threats.