300 Spar Stores Impacted After Cyberattack On Supplier

Convenience store chain Spar is being impacted by a ransomware attack on a third party supplier, which operates its tills and IT systems.

The BBC reported that the third party store in question is a family run business in Preston called James Hall & Company. Attempts by Silicon UK to reach its website on Tuesday morning were unsuccessful, suggesting the firm is still suffering from the ransomware cyberattack.

The attack on James Hall & Company means that the tills and IT systems of more than 300 Spar convenience stores have been compromised.

Ransomware attack

These local shops have either had to close their doors in the lead up to the busy Christmas shopping period, or had to take cash payments only, as card payments are not possible.

The National Cyber Security Centre and Lancashire Police are reportedly investigating.

“We are aware of an issue affecting Spar stores and are working with partners to fully understand the incident,” the NCSC reportedly said.

“We are working to resolve this situation as quickly as possible,” a Spar spokesman was quoted as saying.

“We apologise for the inconvenience this is causing our customers and we are working as quickly as possible to resolve the situation,” the spokesman said.

In July hackers caused 500 Co-op stores in Sweden to close as tills and self-service machines were taken down.

Similarly, it was the supermarket’s IT supplier that was hit with ransomware.

This is not the first time that a supermarket has been hacked.

In October Tesco managed to quickly restore its website and app, after the supermarket giant confirmed “attempts to interfere with our systems.”

And in July the devastating supply chain attack that targetted software from Miami-based Kaseya, also impacted most of the Co-op’s 800 stores in Sweden, which were unable to open because cash registers weren’t working.

State railways and a major pharmacy chain were also affected.

Supply chain hack

Jake Moore, former head of Digital Forensics at Dorset Police and now cybersecurity specialist at global cybersecurity firm, ESET, noted that this Spar attack demonstrates how an attack on a supplier can trigger an internal debate over whether or not to pay the ransom.

The overwhelming advice from the security industry is not to pay any ransom, as it will just encourage more attacks, and there is no guarantee that systems will be restored.

“This is yet another example of how ransomware is rife amongst businesses and the knock on effects it can have on communities in the aftermath,” said Moore. “Spar will no doubt currently be worryingly weighing up whether or not the demands set by the attackers are worth more or less of the potential other losses.”

“Paying the ransom may mean the tills will be back on sooner but it also means the attackers will have won and Spar will be left nursing a financial headache,” noted Moore. “However, the flip side of the coin leaves Spar not being able to trade at full capacity until a restore is in place which could be days. This impact is something the owners will be heavily debating but the most common outcome is whichever causes the least worst scenario.”

“Once the dust has settled at least it may make other companies tighten their security at the thought of not wanting to live this nightmare and therefore better prepare themselves for inevitable cyber attacks,” Moore concluded.