Everyone knows of a Spar supermarket. They’re spread across Europe like bread is spread across their shelves, either as stores or part of petrol stations. With over 13,000 stores worldwide Spar is a successful retail business and a recent target for ransomware criminals.
A few weeks ago 300 UK stores belonging the supermarket chain were hit by a ransomware attack, which forced some to close their doors or only accept cash payments. The cyber-attack also resulted in the pumps at some petrol stations shutting down.
Apparently the attack hit a company which operates Spar’s tills and IT systems. Given that effects of the attack were still being felt in stores days after it was launched it suggests that backup systems were also impacted.
In July of this year Swedish supermarket branches of Coop were hit by a ransomware attack. A few months earlier in April the largest supermarket chain in the Netherlands suffered a cheese shortage after a food transportation company systems went down following a ransomware attack.
The steps in a ransomware attack – how the hacker’s work
High-profile attacks are often conducted by hacking groups that operate like regular companies, with employees, revenue goals and internal hierarchies. Many offer ‘ransomware-as-a-service, selling their malware to whoever has the know-how to execute a hack and has a target.
But most ransomware groups send phishing emails that trick people into opening an attachment or clicking on a link that downloads malicious software, which goes on to encrypt files and bar access to the whole network.
Many attackers don’t stop at simply encrypting data. They steal it, too. And they go after the most sensitive data they can find such as financial records and intellectual property.
Dangers of ignoring the attackers
They then send a message that demands a ransom in exchange for a ‘decryption key,’ to unlock the files. If a victim ignores them they may start going to media and blog sites to broadcast the hack, threatening to leak stolen information.
It can take weeks for an organization that hasn’t been hit too hard and has good backups of its files to get its networks back up. For large organisations without good backups it can take months.
Many attacks come from organized groups that operate with relative impunity out of Russia, Belarus and other East European countries. Attackers range from individuals all the way up to groups of hundreds working directly for a nation state like North Korea. That said, ransomware attackers come from all nations and
This targeting of businesses has been a growing trend over the last few years because the amount of money that can be extracted is far larger than that gained from home users. However, this doesn’t mean home users should be complacent. Rather you should always, as a matter of course, ensure your devices are safeguarded with the best possible protection