Lessons from the retail ransomware surge
On demand webinar from June 4th, 2025
Webinar Recap: Ransomware in Retail – Trends, Tactics & Lessons Learned
Retailers continue to face targeted ransomware campaigns, particularly during high-revenue periods. In this session, Integrity360's Richard Ford and Patrick Wragg examined recent cyber-attacks impacting major UK retailers – including M&S and Co-op – and offered expert insights into attacker behaviours, attribution complexity, and best-practice defence.
Key Takeaways
-
Retail in the crosshairs: Attackers deliberately time their campaigns around holidays when operational pressure is high and defences are stretched.
-
Complex attribution: Incidents appear linked to known ransomware groups, but clear attribution remains elusive due to shared infrastructure and rebranding tactics.
-
Operational impact: Ransomware affected critical business functions – including payroll systems – where even basic recovery became near impossible due to compromised backups.
-
Technical entry points: Threat actors exploited weak credentials, vulnerable remote access, and unsecured ESXi environments to move laterally and encrypt systems at scale.
-
Actionable defences:
-
Segment & harden virtual infrastructure
-
Implement MFA across all admin consoles
-
Retain secure offsite backups with long look-back windows
-
Simulate real-world attack response with executive tabletop exercises
-