Cyberattack wave hits SPAR Stores; who is responsible?


We look at the recent cyberattacks on the SPAR store chain that affected over 300 stores in the UK and discuss the responsibility for an attack like this is.

Ransomware has surged in 2021 as individuals and organizations have become more dependant on digital platforms following the Covid-19 lockdown. There are already audit reports for 2022 of high-risk areas in business, and at the top of this list comes ransomware. “Ransomware is resulting in revenue and data loss, compromized data, reputational damage, significant operational disruption, and more,” said Zachary Ginsburg, research director, Gartner Audit and Risk practice.

The news broke this week that SPAR was hit by largescale cyber ransomware. This attack targeted the James Hall & Company in Preston, Lancashire, not the main store chain. This company is integral to operations as they are the primary supply wholesaler for the company.  The attack affected SPAR’s tills and IT systems, implemented by James Hall. This has caused stores across the country to close their doors, and the ones that have stayed open can only accept cash payments.

SPAR James Hall & Co
James Hall & Co. Ltd Distribution Centre

This is not the first time a cyberattack has caused mass disruption to a store chain; July saw hackers causing over 500 Coop stores tills to crash in Sweden. In this case, it was found that the access point was through Kesaya, an IT management software company based in Florida. The offenders, in this case, were identified as the Russian hacker group REvil.

Most would question if this attack on Spar was REvil’s handiwork also, but back in July, it was reported that this group’s online presence suddenly disappeared. Its websites and blogs overnight became inaccessible. There have been some questionable sources that have come forward saying the US FBI had managed to shut down areas of its site, so it decided to shut down its online presence altogether.

Though REvil briefly disappeared, it resurfaced again only a few months later. Whether this is precisely the same group or a new variant of the organization is yet to be confirmed. Its return sparked the creation of Anti-REvil task forces in Europe and the US. Some REvil affiliates were arrested in November 2021 and were undoubtedly used as an example of how countries are cracking down on cybercrime.

These arrests beg the question: Is REvil responsible for this? In August, security company BlackFog reported on ransomware attacks. Its findings showed REvil accounted for more than 23% of the attacks it tracked last month. Though some of the members since then were arrested, these sorts of organizations can be seen as a legion, when if one is taken down, another will always replace them. This latest attack is remarkably similar to the other attacks REvil has been credited for, such as Acer, JBS, Quanta Computer, and more.

As we review cyberattacks like SPAR and Coop, it begs the question, does responsibility solely sit with attackers, or do organizations need to do more to ensure that a company is protected? Access was most likely gained through James Hall’s technical payment system used in the SPAR chain, so some responsibility needs to be taken by James Hall and SPAR. Both companies have a duty as service providers to protect customers who entrust them with their payment details when using their cards in-store.

Warnings were given earlier this year at the Cyber Polygons training event that saw over 7 million visitors attend that we would see a massive wave of cyberattacks. These warnings have been proven accurate, though the warning itself may have posed something of a challenge to attackers to try.  

During the Cyber Polygons event, simulations were run on the threat of a largescale global cyberattack, showing that companies need to be more flexible and active with security protocols. This seems to be a warning that SPAR did not adhere to, and it has cost it greatly.

Read More:

SPAR noticed the issues around 6.30pm and closed its stores almost immediately. The extent of the threat became increasingly clear overnight as it decided not to reopen stores again. That is a reasonably impressive response time, and they will put recovery measures into effect, such as those outlined by Rubrik in its ransomware recovery plan. SPAR needs to concentrate on proactive prevention in the future, rather than reactive responses to protect its customer and staff. There are many methods now to secure a company from ransomware, and these are constantly evolving to match new threats.

Click here to discover more of our podcasts

For more news from Top Business Tech, don’t forget to subscribe to our daily bulletin!

Follow us on LinkedIn and Twitter

An image of SPAR, News, Cyberattack wave hits SPAR Stores; who is responsible?

Erin Laurenson

Multimedia Content Producer for TBTech

Switching from monolithic web apps to microservices

Jon Hewines • 08th June 2023

Unlocking value in existing applications is highly desirable for CTOs, and one of the most effective way of doing so is to make the switch from monolithic architecture to microservices. It’s not a straightforward task, but the benefits can be huge.

BT launches 5G immersive spaces

Alex Foster • 26th May 2023

New connected spaces provide fully immersive experiences by combining interactive, 360° video content – complete with lights, sounds and smells – compatible with Augmented Reality (AR), Virtual Reality (VR) and Extended Reality (XR)

What are tomorrow’s cloud leaders thinking about today?

David Devine • 25th May 2023

Organisations today – from end-users to channel companies and industry groups – are all working to optimize their use of cloud technologies. Although there are increasing numbers of businesses seeing cloud’s benefits, and diminishing minorities operating on-premises, there are nonetheless hurdles that are common to all. OVHcloud’s annual conference at the London Stadium on June...

Job creation and learning from China

Arnold Ma • 22nd May 2023

With the barrage of negative headlines, however, it’s often easy to overlook how the introduction of and advances in new technologies can boost the economy by opening up job opportunities. And with reports of unemployment on the rise, as the UK’s economy struggles for growth momentum, this is more welcome news.