UK retailer The Works suffers ransomware attack leading to store closures
An employee falling victim to a malicious phishing email facilitated the attack but customer payment data has not been compromised
UK high street retail store The Works has confirmed a cyber attack on its systems, forcing some stores to close, with sources close to the matter saying systems are hit with ransomware.
The ransomware attack was facilitated by an employee falling victim to a phishing email, according to sources familiar with the situation. The company is working to fully understand the extent of the attack but can confirm that no customer payment data has been compromised.
The Works has called in unnamed outside cyber security experts to conduct digital forensics on the incident and the Information Commissioner’s Office (ICO) has been informed in case other data belonging to customers has been stolen.
The specific ransomware group behind the attack, the ransomware used, or the exact ransom demand, has not yet been confirmed but sources said The Works is not going to currently speculate about the potential for paying the ransom.
The retailer said customers are still safe to shop in-store and online since its credit and debit payments are processed by an outside third party - “there is no risk that this payment data has been accessed improperly,” it said.
RELATED RESOURCE
Ransomware and Microsoft 365 for business
What you need to know about reducing ransomware risk
The Works has disabled all internal and external access to its systems and staff emails until the investigation into the situation is complete.
It also said “to protect customers and the business, the company has made some immediate protective changes to further strengthen its security position” but did not elaborate on what these changes entail.
“There has been some limited disruption to trading and business operations, including the closure of some stores due to till issues,” it said. Replenishment deliveries to the Group's stores were suspended temporarily and the normal delivery window for the fulfilment of online orders was extended, but store deliveries are expected to resume imminently and the normal online service levels are progressively being reintroduced.
“The Company does not currently anticipate that this incident will have a material adverse impact on its forecasts or financial position.”
The Works currently operates more than 520 stores nationwide and is a popular store for gifts, crafts, toys, books, and stationary.
-
Ransomware negotiator sentenced for role in major cyber crime groupNews Deniss Zolotarjovs was a key player in a group associated with Conti
-
Threat actors ditch ‘spray and pray’ attacks in shift to targeted exploitationNews A dip in ransomware volumes points to a more targeted approach focused on vulnerability exploitation
-
Security leaders overconfident about ransomware recoveryNews Few manage to recover all their data, and many experience business disruption
-
German authorities want your help finding the hackers behind GandCrab and REvilNews Daniil Maksimovich Shchukin and Anatoly Sergeevitsch Kravchuk are believed to have made millions from ransomware as a service schemes
-
The rise of teen hackers ‘makes for a good headline’, but cyber crime activities peak later in life
News With family responsibilities and mortgages to pay, it's not teenagers dishing out malware or carrying out cyber extortion
-
Ransomware gangs are using employee monitoring software as a springboard for cyber attacks
News Two attempted attacks aimed to exploit Net Monitor for Employees Professional and SimpleHelp
-
Ransomware gangs are sharing virtual machines to wage cyber attacks on the cheap – but it could be their undoingNews Thousands of attacker servers all had the same autogenerated Windows hostnames, according to Sophos
-
Google issues warning over ShinyHunters-branded vishing campaignsNews Related groups are stealing data through voice phishing and fake credential harvesting websites
