New data reveals a 58% surge in ransomware attacks targeting the global retail sector.

Recent data from cybersecurity firm BlackFog reveals a steep 58% increase in publicly disclosed ransomware attacks targeting the global retail sector during the second quarter of 2025 compared to the first quarter. UK-based retail companies have borne the brunt of this surge, facing significant operational disruptions and data breaches.

Rising Threats to Retailers Worldwide

The second quarter of 2025 witnessed an unprecedented escalation in ransomware incidents targeting retailers worldwide. BlackFog’s analysis shows that the volume of attacks reached its highest levels ever recorded for a Q2 period, underscoring the growing attractiveness of the sector to cybercriminals.

Across industries, ransomware attacks grew by 63% year-over-year in Q2, but retail stood out as a particularly hard-hit vertical. This trend highlights the heightened risk posed to retailers, many of whom operate complex supply chains and rely heavily on online commerce.

UK Retail Sector Under Siege

UK retailers were disproportionately impacted this quarter. Well-known brands including Marks & Spencer, Co-op, and Harrods reported ransomware incidents that caused online service outages, disrupted supply logistics, and led to significant data leaks involving sensitive customer information.

Financial losses for affected UK retailers are estimated in the hundreds of millions of pounds, reflecting both direct operational costs and the longer-term damage to brand reputation. Although payment card data breaches have so far been limited, the theft of personal customer data remains a critical concern.

Attack Methods and Threat Actors

Nearly all reported retail ransomware attacks involved data exfiltration alongside system encryption, with cybercriminals using stolen information as leverage for ransom demands. The most active groups behind the recent surge include Ransomware-as-a-Service syndicates such as Qilin, Akira, and Scattered Spider. Initial access often results from phishing campaigns or exploitation of known software vulnerabilities.
