SPAR gives important customer update about 'ransomware attack' as it wrestles back control from hackers

SPAR has provided an important update for customers across Lancashire and Northern England, as the retailer wrestles back control of its IT system after a major cyber attack at the weekend.

Thursday, 9th December 2021, 3:01 pm
Updated Thursday, 9th December 2021, 5:11 pm

Hackers brought down the retailer's IT system for the North of England on Sunday (December 5), affecting around 300 stores, including 25 in Lancashire.

It has led to widespread disruption across the chain of shops, with all branches losing access to tills, credit card readers and back office systems, and some stores having to shut completely.

For the past four days, most of the affected SPAR shops have remained open but have operated as cash-only, with some stores only selling essentials such as bread and milk.

Sign up to our daily newsletter

The i newsletter cut through the noise

Since the cyber attack on Sunday (December 5), most of the affected SPAR shops have remained open but have operated as cash-only, with some stores only selling essentials such as bread and milk

But today (Thursday, December 9), its Preston-based distributors, James Hall & Co, said the firm has started to wrestle back control of its IT network from hackers.

It has now confirmed that it is dealing with a 'ransomware attack', meaning hackers have taken control of the IT system and are likely to have demanded payment in cryptocurrency (such as Bitcoin) in exchange for 'unlocking' the SPAR system.

James Hall & Co has not said whether any ransom has been paid, but says it has been working with cyber security specialists to take back control of its system.

Lancashire Police and the National Cyber Security Centre (NCSC, run by Government intelligence agency GCHQ) are also investigating, but both have declined to comment further on the cyber attack.

SPAR staff at the Penwortham store have been working hard to keep their shops running without the use of tills, card payments and back office systems. It was back to pen and paper!

On the website of Britain's cyber security force, the agency says "it does not encourage, endorse, nor condone the payment of ransom demands", which often fund organised crime groups outside the UK.

You can find more information on ransomware attacks on its website here.

James Hall & Co said cyber security experts have been "working round the clock" to restore its IT system and some progress has been made.

The Lancashire distributor said it is now in a position to "start bringing affected stores back online", but did not say exactly when shops should be fully operational again.

The cyber attack led to widespread disruption across SPAR's chain of shops in Lancashire, with all branches losing access to tills, credit card readers and back office systems

The firm has also offered some reassurance to customers concerned that their bank details might have been compromised by the cyber attack.

Asked whether customers' personal details had been accessed by hackers, it said "we have no reason to believe that James Hall & Co, SPAR or any of our customers were specifically targeted by this incident."

Full statement from SPAR distributor James Hall & Co

A spokesman for James Hall & Co said: "On Sunday (December 5) we identified a ransomware attack which affected a number of our SPAR stores across the north of England.

"We know how important local stores are to our communities and would like to apologise to our customers for any inconvenience.

"We immediately took the affected part of our system offline and began investigating alongside external cyber security specialists.

"On a precautionary basis we also took the rest of the James Hall & Co network down while we looked into the issue.

"As a result of these prompt and decisive steps, we are now able to start bringing our affected stores back online.

"This is our absolute priority and the team will be working round the clock to make as much progress as possible.

"It is vital that we do this safely and securely so we would like to thank customers for their patience and understanding while we complete this process over the coming days.

"It is important to note that we have no reason to believe that James Hall & Co, SPAR or any of our customers were specifically targeted by this incident and we are continuing to liaise closely with our stores, suppliers and the relevant authorities."