Three hundred Spar convenience stores in the north of England have been affected by a cyberattack against wholesaler James Hall and Co. James Hall supplies produce to the stores, but also operates the IT and till systems.
The primary effect on the stores has been to prevent any payment card processing. Although some stores are remaining open for cash trade only, the majority have been forced to close.
Spar is one of the world’s largest retailers. It was founded in The Netherlands in 1932 and operates more than 13,000 franchise stores in nearly 50 countries. It has more than 2,500 stores in the UK, employing some 40,000 people.
At this stage, little is known about the cyberattack. The effect became known on Sunday, December 5, 2021, when one of the franchises tweeted, “Unfortunately due to a total IT outage affecting all our stores we have had to remain closed all day Sunday with no time set to be back online – our apologies for the massive inconvenience to all our customers and store teams.”
Spar referred SecurityWeek to James Hall for further information on the attack. At the time of writing, James Hall has not responded to any of our telephone calls, and its website is either down or has been taken offline.
Both the ICO and the NCSC have been informed of the incident, with the NCSC simply stating, “We are aware of an issue affecting Spar stores and are working with partners to fully understand the incident.”
Although no information about the attack has yet been disclosed, a ransomware attack is possible – retail in the run-up to Christmas is a tempting target. “With the demand supermarkets experience over the holiday season, if they are hit by a ransomware attack, they are naturally desperate to recover as quickly as possible. It is, therefore, a big red target for many threat-actors who know that any ransom demand could be paid almost immediately,” comments Brooks Wallace, VP EMEA at Deep Instinct.
This would not be the first ransomware attack against a retail chain. In July this year, the Swedish Coop chain was forced to close many of its stores following a REvil ransomware attack exploiting a Kaseya vulnerability. The attack sounds remarkably similar. “One of our suppliers has been hit by an IT attack and therefore the cash registers do not work. We regret this and do everything to be able to open again soon. – Coop.”
However, whatever the cause of the incident, it is also a further example of the supply chain effect. If the cause is nothing more than an IT failure at James Hall, the effect has spread to some 300 customer stores. If it is a cyberattack (ransomware or otherwise), it is not yet known whether the initial compromise was at James Hall or one of the franchise organizations. If the latter, the attackers were able to move up the chain to James Hall, and from there to affect all 300 stores.
Related: Cyber Defenders Should Prepare for Holiday Ransomware Attacks
Related: Costco Hit by Card Skimming Attack Heading Into Holiday Season
Related: CISA, FBI Warn of Increase in Ransomware Attacks on Holidays