Mastodawn

Kevin Beaumont May 4

A wrote a piece about paying ransoms does not equal quick restoration - in fact, quite often it makes things worse. https://doublepulsar.com/big-game-ransomware-the-myths-experts-tell-board-members-03d5e1d1c4b7

Big Game Ransomware: the myths experts tell board members

There’s a piece in The Sunday Times today about the DragonForce ransomware incident at Marks and Spencer which caught my eye. It’s a great piece, e.g. it looks at M&S containing the threat to…

DoublePulsar

https://www.ncsc.gov.uk/blog-post/incidents-impacting-retailers

Kevin Beaumont May 4

Great NCSC piece by @ollie_whitehouse

I’d add - block by Entra policy specifically High risk logins (below is too FP prone), and SOC monitor them. SOC playbook = account probably compromised. How?

Incidents impacting retailers – recommendations from the NCSC

A joint blog post by the NCSC’s National Resilience Director, Jonathon Ellison, and Chief Technology Officer, Ollie Whitehouse.

https://news.sky.com/story/amp/mands-had-no-plan-for-cyber-attacks-insider-reveals-with-staff-left-sleeping-in-the-office-amid-paranoia-and-chaos-13361359

Sky News quote a source in M&S head office saying Marks and Spencer have no ransomware incident plan so they are making it up as they go along apparently, with staff sleeping in the office and communicating via WhatsApp.

M&S dispute this, saying they have robust business continuity plans.

M&S 'had no plan' for cyber attacks, insider claims, with 'staff left sleeping in the office amid paranoia and chaos'

Sky

BBC News has a look at teenagers phoning helpdesks and pretending to be the CISO. https://www.bbc.com/news/articles/c4grn878712o

Beware phony IT calls after Co-op and M&S hacks, says UK cyber centre

The NCSC urges firms to check IT help desk "password reset processes" as hackers target retailers.

One of the points of exploitation of large orgs is they usually outsource their Service Desk to somewhere cheap offshore who don’t know the org staff, and when you call and say your name, they normally put big all caps bold red warning if the person is a VIP, eg C suite, so they get VIP service - ie anything goes.

https://www.coop.co.uk/cyber-incident

Co-op Group appear to be trying to course correct with their cyber incident comms.

They’re calling it a cyber incident now, and have put a statement on the front page of their website, along with an FAQ. They haven’t yet emailed members (they should). Edit: they’ve started emailing members.

Pardon Our Interruption

Kevin Beaumont May 6

It sounds like the situation at Co-op has got worse. They’ve stopped taking card payments in some stores, it’s cash only. https://www.telegraph.co.uk/business/2025/05/06/co-op-shops-stop-taking-card-payments-amid-cyber-attack/

Co-op shops stop taking card payments amid cyber attack

Stores display handmade signs to warn customers they can only pay in cash after hackers hit retailer

The Telegraph

Kevin Beaumont May 6

People are also taking to social media to post pictures of apparently emptying store shelves.

The Co-op website claims it is down to "technical issues".

Kevin Beaumont May 6

Contactless payment has been fixed at all Co-op Group stores.

One thing for media covering the Co-op thing - attackers are not impersonating IT help desks to gain access. They’re impersonating *staff* calling in to the IT help desks - they’re different things.

Co-op Group are redirecting supplies from their urban stores to remote and island locations due to stock shortages.

The article mentions their EDI platform is suffering “technical issues”. https://www.retailgazette.co.uk/blog/2025/05/co-op-reroutes-stock/

Co-op reroutes stock to rural stores amid cyber attack disruptions - Retail Gazette

The Co-op is redirecting food and drink supplies to stores in rural and remote areas in a bid to protect isolated communities from shortages following a serious cyber attack.

Retail Gazette

https://www.telegraph.co.uk/business/2025/05/04/ill-protect-trans-people-to-the-end-vows-co-op-boss/

I just did a Shodan Safari on Co-op - basically all their Windows and Linux systems in their core DCs at network boundary are down, it's not just EDI. It's been like that for just under a week, prior to that things were still online.

I feel really bad for them as it's a great org. Also their CEO is basically the only one who stood up like this for trans people.

‘I’ll protect trans people to the end,’ vows Co-op boss

Interview: Shirine Khoury-Haq says non-binary people bring a ‘massive business benefit’

The Telegraph

If you're wondering about Marks and Spencer - I just did a Shodan Safari of their network boundary, Palo-Alto GlobalProtect VPN remote access access is still offline, 15 days later.

Online orders are still not working, and the store stock checker is disabled now.

Kevin Beaumont May 8

Co-op have paused all non-essential products in stores https://www.retailgazette.co.uk/blog/2025/05/co-op-non-essential/

Co-op pauses deliveries of non-essential items amid cyber attack - Retail Gazette

Co-op has paused its orders of non-essential products amid the fallout from its cyber attack.

Retail Gazette

Kevin Beaumont May 8

Every detail in this article is wrong. The M&S incident had nothing to do with hybrid working.

Marks and Spencer’s online shopping is still offline 3 weeks later. It is thought they have lost around £63m so far, excluding IR, BCP and ransom payment costs. https://www.drapersonline.com/news/ms-online-shopping-outage-enters-third-week

M&S had a significant amount of data stolen btw, but they’ve opted not to tell customers or staff.

https://www.thegrocer.co.uk/news/co-op-societies-hit-by-availability-issues-amid-ongoing-cyberattack-on-co-op-group/704305.article

The Grocer reports 4 regional Co-ops, who aren’t part of Co-op Group, are suffering stock shortages as they are supplied by Co-op Group.

They expect customers to start to see availability issues on shelves in the coming days.

Co-op societies hit by availability issues amid ongoing cyberattack on Co-op Group

Midcounties Co-op, Heart of England Co-op and Lincolnshire Co-op have all confirmed disruption to the supply of food to stores

The Grocer

https://www.microsoft.com/en-us/security/blog/2022/03/22/dev-0537-criminal-actor-targeting-organizations-for-data-exfiltration-and-destruction/

For orgs looking for defence tips for the attacks on UK retailers, this blog from 2022 about the UK teenagers in LAPSUS$ has relevance.

As a plot twist - not documented anywhere online, but LAPSUS$ first attacks in 2021 were against UK high street retailers.

DEV-0537 criminal actor targeting organizations for data exfiltration and destruction | Microsoft Security Blog

The activity we have observed has been attributed to a threat group that Microsoft tracks as DEV-0537, also known as LAPSUS$. DEV-0537 is known for using a pure extortion and destruction model without deploying ransomware payloads.

Microsoft Security Blog

For anybody wondering what 'dial into the incident response bridge' means, it means they'll literally Teams call into cyber IR bridges as themselves and just extort you to your face. They'll also call CISOs etc. Bad Times at the El Royale.

Kevin Beaumont May 10

Marks & Spencer bureau de change staff are being forced to use pen and paper to serve customers as a result of the cyber attack on the retailer and cannot accept card payment. https://www.thisismoney.co.uk/money/markets/article-14696595/Hack-rocks-Marks-Spencer-bureau-change.html

Hack rocks Marks & Spencer bureau de change

M&S bureau de change staff are being forced to use pen and paper to serve customers. The travel money desks are also unable to accept card payments in some cases.

This Is Money

Kevin Beaumont May 10

Co-op Group have provided some more detail about what it’s doing about remote lifeline stores (ones where they’re the main/only retailer on an island):

“From Monday, 12 of the most remote lifeline stores will receive treble the volume of available product, and another 20 lifeline stores will get double the volume.” https://www.bbc.com/news/articles/c071e7x80djo

Co-op cyber attack: Islanders facing empty shelves say 'get the people fed'

The picturesque island of Islay in the Western Isles is dealing with the real world impacts of the major supermarket hack.

Kevin Beaumont May 10

DragonForce Ransomware Cartel’s portal is back online after a multi week outage. No sign of M&S or Co-op’s data.

All M&S recruitment is still stopped, 19 days in. https://jobs.marksandspencer.com/

I think Co-op may have stopped recruitment too, they’re a big employer so usually have hundreds of open positions - currently they have 17, and most close today and the rest in a few days.

The Record quotes a Co-op worker as saying they are operating at well below 20% of their normal capacity in depots. https://therecord.media/co-op-cyberattack-uk-company-fears-hackers-still-in-system

Fears 'hackers still in the system' leave Co-op shelves running empty across UK

U.K. retailer the Co-op is still having trouble with keeping grocery shelves stocked as it continues to respond to an attempted cyberattack that forced it to shut down some systems two weeks ago.

Allianz supplies Marks and Spencer's cyber insurance, and will apparently suffer a full tower loss (i.e. it's going to be expensive) https://www.insuranceinsider.com/article/2esiwg4yv6p38pcf2pgxs/lines-of-business/cyber/allianz-leads-cyber-cover-for-m-s-ransomware-attack

Allianz leads cyber cover for M&S ransomware attack

The Willis-brokered coverage also includes the Willis CyXS facility.

Insurance Insider

People in Machynlleth are apparently turning up at local farms in search of food due to lack of produce at Co-op https://www.cambrian-news.co.uk/news/cyber-attack-people-turning-up-at-farms-as-machynlleth-co-op-shelves-remain-bare-792434

Cyber attack: People 'turning up at farms' as Machynlleth Co-op shelves remain bare

A cyber-attack has left Machynlleth’s only supermarket with empty shelves, with some residents ‘turning up at farms’ in an attempt to find fresh produce.

cambrian-news.co.uk

Co-op stores in Sheffield, Badenoch, Dunfermline and many other places are apparently running out of produce - it's not possible to keep up with the local media reports but they're basically bored reporters get sent out to photograph half empty fridges.

This ITV News report linking the Co-op and M&S breaches to SIM swapping is not accurate, no source given. https://www.itv.com/news/2025-05-12/sim-swap-fraud-rises-by-1000-as-criminals-exploit-two-factor-authentication

They also have a report today saying Co-op stores are restocked, which is also not accurate - that one is sourced from Co-op, but obviously doesn’t stack up to looking in Co-op stores.

If anybody is wondering, all of Marks and Spencer's Palo-Alto GlobalProtect VPN boxes are still offline, 3 weeks later. Pretty good containment method to keep attackers out.

Co-op's VDE environment is still down, too.
https://cyberplace.social/@GossiTheDog/114399017367179104

Kevin Beaumont (@GossiTheDog@cyberplace.social)

Attached: 1 image M&S use Palo-Alto GlobalProtect for VPN, they took all the endpoints offline days ago (usually first stage containment for ransomware/extortion groups).

Cyberplace

M&S confirm my toot from 3 days ago that a significant amount of customer and staff data was stolen. They’ve known for weeks but opted not to tell anybody. https://www.bbc.com/news/articles/c62v34zv828o

M&S says personal customer data stolen in recent cyber attack

The retail giant is still not taking online orders following a cyber attack three weeks ago.

Re the Co-op Group breach, Co-op say home addresses of customers were exfiltrated (it was the membership database). This one dates back to my May 2nd toot upthread re home addresses - at the time, they didn't specify home addresses.

Co-op Group have 5 open jobs left, with nothing posted for 11 days.

Co-op's AGM is this weekend, and M&S yearly results and investor contact are next week.

Gonna be awkward for different reasons, e.g. Co-op is member (customer) owned, so the people's data Co-op had stolen are effectively the shareholders and are invited.

The Channel Islands Coop, which is different to Co-op Group, has been able to restock shelves by moving away from Co-op Group for supply distribution and moving to local suppliers. https://www.bbc.co.uk/news/articles/c3d4xvg3x1do

CI Coop secures local supplies amid stock shortages

The supermarket expects "steady improvements each day", after a cyber attack leads to empty shelves.

BBC News

The Grocer reports Nisa and Costcutter are running out of fruit & veg, fresh meat and poultry, dairy products, chilled ready meals, snacks and desserts.

Nisa and Costcutter are supplied by Co-op Wholesale, which is dependent on Co-op Group.

“It’s really poor. I feel bad for them but what makes it worse is their hush-hush mentality about it. There’s no proper level of communication and we get random updates.”

Co-op Wholesale claim there are no problems. https://www.thegrocer.co.uk/news/nisa-and-costcutter-hit-by-stock-shortages-amid-co-op-cyberattack/704393.article

Nisa and Costcutter hit by stock shortages amid Co-op cyberattack

In communications sent to retailers, the symbol groups listed products that were either 'temporarily unavailable' or 'out of stock' as a result of supplier issues

The Grocer

A look at supplies in stores today, after Co-op told ITV yesterday that stores were restocked 😅

And a video

https://www.thegrocer.co.uk/news/co-op-to-get-systems-back-on-track-after-cyberattack/704425.article

Kevin Beaumont

Co-op Group have told their suppliers that "systemic-based orders will resume for ambient, fresh, and frozen products commencing Wednesday 14 May". They say forecasting system will still be impacted.

Co-op to get systems back on track after cyberattack

As the Co-op turns orders back online, it has warned suppliers that it is unable to provide 'accurate product forecasting ahead of Wednesday's orders'

The Grocer

Harrods say they are not asking customers to do anything differently at this point.

Kevin Beaumont May 14

Financial Times report Marks and Spencer expect to claim £100m on their cyber insurance, the maximum allowed, suggesting losses probably more. https://www.ft.com/content/723b6195-1ce7-4b5f-94f5-729e9152c578

M&S cyber insurance payout to be worth up to £100mn

UK retailer to file big claim as it admits for first time that some customer data was stolen in recent hack

Financial Times

Kevin Beaumont May 14

Co-op Group say they have exited containment and begun recovery phase https://www.theguardian.com/business/2025/may/14/co-op-cyber-attack-stock-availability-in-stores-will-not-improve-until-weekend

Marks and Spencer are still in containment

If you want figures for your board to set expectations in big game ransomware incidents, Co-op containment just over 2 weeks, M&S just over 3 weeks so far - recovery comes after.

In terms of external assistance, Co-op have Microsoft Incident Response (DART), KPMG and crisis comms. M&S have CrowdStrike, Microsoft, Fenix and crisis comms.

Co-op cyber-attack: stock availability in stores ‘will not improve until weekend’

Group in ‘recovery phase’ and working closely with suppliers after customers complain of empty shelves

The Guardian

https://www.bbc.co.uk/news/articles/cwy382w9eglo

Kevin Beaumont May 15

The threat actor at Co-op says Co-op shut systems down, which appears to have really pissed off the threat actor. This was the right, and smart, thing to do.

While I was at Co-op we did a rehearsal of ransomware deployment on point of sale devices with the retail team, and the outcome was a business ending event due to the inability to take payments for a prolonged period of time. So early intervention with containment was the right thing to do, 100%.

'They yanked their own plug': how Co-op averted an even worse cyber attack

The revelation - from the criminals responsible - explains why the Co-op is getting back to business faster than M&S.

BBC News

Kevin Beaumont May 15

Co-op Group recruitment looks like it is starting again, first new roles in two weeks posted. https://hcnq.fa.em2.oraclecloud.com/hcmUI/CandidateExperience/en/sites/CX/jobs

Co-op External Career Section Careers

Find your Co-op job

Co-op External Career Section

Kevin Beaumont May 15

Marks and Spencer say food distribution to their stores is returning to normal. It follows Co-op's announcement yesterday that food and drink distribution will begin to return to normal from the weekend. https://www.reuters.com/business/retail-consumer/uks-ms-says-food-availability-improving-every-day-2025-05-15/

27 new jobs at Co-op added today, and it's only midday. So recruitment was definitely paused for two weeks and now active again.

M&S have finally told staff that data about themselves was stolen: https://www.telegraph.co.uk/business/2025/05/16/ms-staff-data-stolen-by-hackers-in-cyber-attack/

You may notice I said they had staff data stolen on May 9th in this thread.

M&S staff data stolen by hackers in cyber attack

Employees’ email addresses and full names have been taken by hackers, sources claim

The Telegraph

https://www.computing.co.uk/news/2025/security/five-cyber-tools-co-op-used-to-defeat-ransomware-attack

For the record, the tools listed in this article aren't used by Co-op.

The link in the article to Vectra Cognito AI has a Coop Sweden logo on it, and the Coop Sweden CISO is named. Coop Sweden is different company. Coop Sweden went on to have a ransomware attack that crippled the org, including point of sale, so I don't think it's a good sales point. Same with Silverfort.

Google AI has ingested the article and now uses it to claim Co-op Group use the tools.

Here are the five cyber tools Co-op used to help defeat its recent ransomware attack

Computing research has identified the security tools and partners the Co-op used to stop last month’s cyberattack in its tracks.

M&S recruitment is still fully stopped, almost a month in. Co-op opened 46 new vacancies today.

Marks and Spencer’s CEO will lose a £1.1m share grant as a result of their cyber incident. https://www.ft.com/content/43531d25-4f7a-4d6e-b809-e85bb8f0033e

M&S chief executive faces £1.1mn pay hit after cyber attack

Stuart Machin’s awards set to shrink after UK retailer’s share price drops following disclosure of sweeping hack

Financial Times

https://www.thetimes.com/uk/technology-uk/article/m-and-s-boss-cyber-attack-7d9hvk6ds

The Times reports M&S were breached through a contractor and that human error is to blame. (Both M&S and Co-op use TCS for their IT Service Desk).

The threat actor went undetected for 52 hours. (I suspect detection was when their ESXi cluster got encrypted).

M&S have told the Times they had no “direct” communication with DragonForce, which is code for they’re using a third party to negotiate - standard practice.

M&S bosses under fire after ‘damaging and embarrassing’ cyberattack

The Times reveals that the hackers penetrated the retailer’s IT systems through a contractor and worked undetected for about 52 hours before the alarm was raised

The Times

M&S looks to be moving to reposition their incident as a third party failure, which I imagine will help redirect some of the blame (they present their financial results during the week to investors): https://www.bbc.co.uk/news/articles/cpqe213vw3po

Both M&S and Co-op outsourced their IT, including their Service Desk (helpdesk), to TCS (Tata) around 2018, as part of cost savings.

M&S hackers believed to have gained access through third party

The retailer has been struggling to get its services back to normal after a cyber-attack in April.

BBC News

There's nothing to suggest TCS itself have a breach btw.

Basically, if you go for the lowest cost helpdesk - you might want to follow the NCSC advice on authenticating password and MFA token resets.

I've put a 3 part deep dive blog series coming out probably next week called Living-Off-The-Company, which is about how teenagers have realised large orgs have outsourced to MSPs who follow the same format of SOP documentation, use of cloud services etc. Orgs have introduced commonality to surf.

Kevin Beaumont May 19

The Office of the Privacy Commissioner for Personal Data (PCPD) has confirmed that Marks and Spencer (M&S) Hong Kong has not informed it of a recent customer data leak, nor responded to its enquiries. https://hongkongfp.com/2025/05/19/ms-hong-kong-not-responding-to-privacy-commissioners-office-after-online-customer-data-breach/

M&S Hong Kong not responding to Privacy Commissioner’s Office after online customer data breach

The Office of the Privacy Commissioner for Personal Data says M&S Hong Kong has not informed it of a recent customer data leak, nor responded to its enquiries.

Hong Kong Free Press HKFP

https://www.reuters.com/business/retail-consumer/ms-slow-recovery-cyberattack-puts-it-risk-lasting-damage-2025-05-19/

Kevin Beaumont May 19

"Cyber analysts and retail executives said the company had been the victim of a ransomware attack, had refused to pay - following government advice - and was working to reinstall all of its computer systems."

Not sure who those analysts are, but since DragonForce haven't released any data and M&S won't comment other than to say they haven't had any "direct" contact with DragonForce, I wouldn't make that assumption.

Kevin Beaumont May 19

There's also a line in the article from an cyber industry person saying "if it can happen to M&S, it can happen to anyone" - it's ridiculous and defeatist given Marks and Spencer haven't shared any technical information about how it happened, other than to tell The Sunday Times it was "human error"

The Air Safety version of cyber industry would be a plane crashing into 14 other planes, and industry air safety people going "Gosh, if that can happen to British Airways it could happen to anybody!"

Kevin Beaumont May 20

Tomorrow it’s one month since Marks and Spencer started containment, it’s also their financial results day.

Online ordering still down, all recruitment stopped, Palo-Alto VPNs still offline.

https://www.reuters.com/business/retail-consumer/ms-slow-recovery-cyberattack-puts-it-risk-lasting-damage-2025-05-19/

Kevin Beaumont May 20

TCS have been linked to the Marks and Spencer breach, at least in part.

Kevin Beaumont May 20

I made this point a few weeks ago, but... outsourcing all your IT, Networks, Service Desk (helpdesk) and operational cybersecurity is a temporary cost saving and basically paints a ticking timebomb on the org, IMHO.

O'Schell May 20

@GossiTheDog I would buy one of those action that goes up when it goes done ! Would that be considered 'outsider trading' ?

JP May 20

@GossiTheDog They are still within the contract sla period for a response from the outsourced help desk. Sorry. But the contract sla only covers time to first response to the ticket not when the ticket will be done. Also orders for that many new machines exceeds the average % of requests and so is subject to delays from the equipment supplier

Alex

May 19

@GossiTheDog I would love for IT to publish accident investigation reports in the same way as aviation.

No blame, no liability, no finger pointing, just lessons for everyone to learn and hopefully avoid the same.

(I know there have been some like the Irish Health Service that were excellent.)

Misuse Case May 20

@GossiTheDog The “human error” is the humans in the boardroom and the C-suite not putting sufficient effort or resources into securing their networks.

Matthew Skelton May 17

@GossiTheDog yeah, breach the "low cost" IT outsourcer - whose staff feel little connection or affinity with the corporate customer - and *bingo* you hit the jackpot 🎰 with multiple corporate accounts to ransom.

How's that "low cost IT outsourcing" looking now?

Roger BW 😷May 17

@matthewskelton @GossiTheDog Of course, make it clear how little you care about your in-house support staff and the same problem arises.

Matthew Skelton May 17

@RogerBW @GossiTheDog oh for sure. It's always seemed weird to me that orgs treat IT admin as low skilled. They are the info front line - you need some of the best people in that position or you're fscked.

Chris Pitts May 17

@matthewskelton @GossiTheDog Chickens. Home. Roost. Or something like that 🐓🏠💥

*sigh*Ber nard May 17

@GossiTheDog One of the big MSP's from India was adamant:
1. Personnel is not allowed to store passwords.
2. Must use unique passwords for every service.
3. Passwords must rotate every X days.
4. Only sanctioned apps are allowed.
5. No password manager is sanctioned or installed by default.

*sigh*Ber nard May 17

@GossiTheDog I recall it was a "TCS_80_ip" list in Entra Id marked "Trusted"/"MFA exempt" that contained 80 ranges from /15 to /24...

Yet happily pivoting through 3 layer deep RDP to get to a system to manage

AnneH May 19

@GossiTheDog I wonder would there be a drop in threat activity if someone made sure all teenagers are in school/training/work/at a youthclub (if there were any).

Fritz Adalis May 17

@GossiTheDog Something, something, can't outsource risk.

sunflowerinrain May 17

@GossiTheDog
Argh, flashbacks to trying to convince directors that outsourcing IT is bad. Very bad.

Olivier Mengué May 18

@sunflowerinrain @GossiTheDog I've seen a full remote tech company where IT was outsourced, and the contract was managed by HR. Like if the CEO didn't trust the engineers (building the product).

⊥ᵒᵚ⁄Cᵸᵎᶺᵋᶫ∸ᵒᵘ ☑️May 17

@GossiTheDog is there a non #paywall source for that?

Billy Smith May 17

@falken @GossiTheDog

Archive version:

https://archive.ph/mMp3C

⊥ᵒᵚ⁄Cᵸᵎᶺᵋᶫ∸ᵒᵘ ☑️May 17

@BillySmith @GossiTheDog ta

caskfan May 17

@GossiTheDog paywall 😭

@caskfan @GossiTheDog https://archive.ph/mMp3C

Chris May 17

caskfan May 17

@cw @GossiTheDog thanks

Marcus The Board Gamer May 17

@caskfan @GossiTheDog https://www.removepaywall.com/search?url=https://www.thetimes.com/uk/technology-uk/article/m-and-s-boss-cyber-attack-7d9hvk6ds

RemovePaywall | Free online paywall remover

Remove Paywall, free online paywall remover. Get access to articles without having to pay or login. Works on Bloomberg and hundreds more.

MattChippytea May 17

@GossiTheDog having recently dealt with TCS, nothing would surprise me.

beemoh May 17

@GossiTheDog No direct contact with DragonForce? I'm sure they'll drag them Through The Fire And The Flames over this one.

Joel Michael May 17

@GossiTheDog “we aren’t a computer company, so off to India / China / Vietnam / Philippines / etc for all this non-core-business shit”

…

“Why company not run without computers? Who did this?”

Michael Weiss May 18

@jpm @GossiTheDog funny how they don't outsource the executive staff. Executives are also non-core-business. Yes, of it's not core business there are reasons to consider outsourcing. But that's the first step in a process, not the simple definition of what must be outsourced.

Michael Weiss May 18

@GossiTheDog more CEOs should have this sort of consequence for getting breached like this.

Sir David Nielsen May 20

@GossiTheDog @grumpybozo you betcha that something will be done about it then.

Adrian Sanabria May 16

@GossiTheDog to be fair, IIRC, Coop Sweden went down because their payment provider used Kaseya.

So, it was ransomware on a fourth party, nothing Coop Sweden had any direct control over

Ollie 🇪🇺🏳️‍🌈🏳️‍⚧️May 16

@GossiTheDog As a Co-op member, I'm very happy to see them getting back to business

Rob\Viewdata UK May 15

@GossiTheDog
This was yesterday evening in my local co-op store (close to central Manchester.) Still lots of empty spaces on the shelves.

Gary Parker

May 15

@GossiTheDog And I was expecting the first vacancy to be CTO 😆

Philipp Blum May 15

@GossiTheDog Those who know this is going to become more and more.

Ben Hammond May 15

@GossiTheDog

The quote

> They torched shareholder value

made me laugh

they have no idea what the Coop is

XCondE May 15

@benh @GossiTheDog I have no idea either. Do you have a TL;DR? What's the relation between Coop and Co-op?

Damien May 14

@GossiTheDog wait, they both have professional crisis comms? They appear to be overpaying them...

David Krause May 14

@damien @GossiTheDog I would say most breach and ransomware victims hire a professional crisis comms vendor. It's another whole sub-industry of the ransomware industry. And those vendors do the opposite of what most cyber people would want. Mostly doing minimal statements, trying to kill stories, and less communication.

Dave 🐶May 14

@GossiTheDog
Confident on containment within 2 weeks?

Dr. Christopher Kunz May 13

@GossiTheDog I will henceforth not do anything differntly and therefore continue not to be a Harrods customer.

Ivor Hewitt May 13

@GossiTheDog exactly... They should be talking to the butler.