Multi-million pound investigation leads to dawn raids as cybercriminals face justice for devastating attacks on M&S, Co-op, and Harrods
Britain's National Crime Agency (NCA) has arrested four individuals in connection with a devastating wave of ransomware attacks that crippled major British retailers earlier this year, causing an estimated £300 million in damages to Marks & Spencer alone.
The coordinated dawn raids on Thursday morning targeted suspects across England: a 20-year-old British woman from Staffordshire, two 19-year-old males from London and the West Midlands (one Latvian national), and a 17-year-old British male from the West Midlands. All four now face charges including Computer Misuse Act offenses, blackmail, money laundering, and participating in organized criminal activities.
The April Attack Spree That Shook British Retail
The sophisticated cybercriminal operation began in mid-April with a breach at Marks & Spencer, where attackers not only stole vast amounts of customer and employee data but also deployed ransomware (malicious software that encrypts computer systems until a ransom is paid).
The attack was so severe that M&S chairman described it to MPs as feeling like "an attempt to destroy the business," with IT systems expected to remain partially compromised until November.
The criminals then struck Co-op just days later, stealing private data from millions of customers and staff. The grocery chain narrowly avoided complete system paralysis by disconnecting from the internet at the last moment, preventing the deployment of ransomware that would have caused even greater disruption.
Luxury retailer Harrods became the third victim, though it suffered less operational impact after quickly isolating its systems.
Forensic Investigation Reveals Organized Criminal Network
The NCA's investigation revealed the hallmarks of a sophisticated organized crime group rather than individual hackers. The criminals demonstrated advanced techniques, including sending threatening emails directly to executives demanding payment. The breadth of the attacks and the precision of their execution suggested careful planning and coordination among multiple participants.
"Today's arrests are a significant step in that investigation, but our work continues, alongside partners in the UK and overseas, to ensure those responsible are identified and brought to justice," said Paul Foster, head of the NCA's National Cyber Crime Unit.