Retail ransomware attacks surge 40% as Safepay tops threats
Ransomware attacks targeting the retail sector increased by 40% in May compared to April, according to findings released by NCC Group.
The research noted that global ransomware activity decreased by 6% in May, with 393 attacks recorded worldwide. This marked the third consecutive month of decline following elevated attack volumes earlier in 2025. However, security analysts warn that a reduction in numbers does not equate to a lowering of risk amid shifting cybercriminal tactics and ongoing geopolitical tensions.
Retail under pressure
While the industrial sector continued to experience the highest level of ransomware targeting—comprising 30% of reported cases in May, or 118 incidents—the consumer discretionary sector, including retail, saw a notable surge. Retail-related attacks rose from 73 in April to 102 in May. The report attributes this increase to the appeal of high-value targets in the sector, driven by the disruption of payment systems, access to consumer data, and prospects for substantial ransom payments.
Several high-profile retailers were reportedly targeted during the period, including Victoria's Secret, Adidas, Cartier, and Peter Green Chilled. In addition, the group known as Scattered Spider claimed responsibility for attacks on Marks & Spencer and the Co-op during May. Observers from Google Threat Intelligence Group and Mandiant have noted a shift in Scattered Spider's focus toward the US retail sector, where the abundance of large companies increases the field of potential victims. Despite difficulties in precisely attributing individual attacks to Scattered Spider, the group's techniques were observed in several US-based incidents.
Safepay rises to prominence
Safepay accounted for 18% of all recorded ransomware attacks in May, making it the most active threat actor of the month with 70 reported incidents. NCC Group described this as the first occasion Safepay has appeared among the top ten most prolific threat groups since becoming active in November 2024.
Researchers noted suggestions within the security community that Safepay could represent a rebranding of other prominent groups such as LockBit, Alph V, or INC Ransomware. If correct, this would shed light on the rapid rise in activity and the group's apparent capacity and sophistication.
Other observed trends included the Play gang moving up to second place with 44 attacks, an increase from its previous ranking, and Qilin dropping to third position with 42 incidents. Akira, which led in April, experienced a 46% decline in reported cases, falling to 35 attacks in May.
Regional focus: North America and Europe
The report found that most ransomware activity remained concentrated in North America, which accounted for 50% of all incidents, or 193 attacks. Europe experienced 29% of attacks (112), with Asia comprising 13% (49) and South America recording 4% (17). In total, North America and Europe represented 79% of global ransomware cases.
AI and prompt injection risks
The study also addressed an emerging trend: the vulnerability of artificial intelligence systems to prompt injection attacks. As large language models are more widely adopted across sectors such as healthcare and finance, threat actors have begun to exploit weaknesses using carefully crafted prompts to bypass standard security controls, access sensitive data, or manipulate AI outputs.
According to NCC Group, 56% of AI models tested displayed susceptibility to prompt injection attacks. Current defensive measures, such as input validation and monitoring, face challenges in keeping pace with increasingly sophisticated attack methods. Suggestions for strengthening defences include adversarial training, advanced detection, secure memory management, and human-AI oversight. Regulatory bodies are urged to develop best practice guidelines for AI system security. Matt Hull, Global Head of Threat Intelligence at NCC Group, said: "Although reported ransomware incidents declined in March, April, and May, cyber security efforts must be strengthened, not scaled back. Seasonal fluctuations, with summer approaching, may partly explain the dip. However, the rise of new threat actors like Safepay and the emergence of critical vulnerabilities in AI highlight the ongoing volatility of the ransomware landscape. This underscores the need for sustained cyber investment across both industry sectors and national defence. The focus on the UK's retail sector has shone a light on why cyber security is integral to business resilience. "On a broader level, rising global instability, ongoing tensions between the US and China, and evolving alliances are all contributing to threat levels. Trump's involvement in the Middle East could spur deeper collaboration in advanced technologies between the US and Gulf nations, and new efforts to strengthen UK-EU relations could make involved organisations prime targets for espionage by state-sponsored adversaries. With these factors in play, cyber threats remain a persistent and evolving risk."
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Scoop
8 hours ago
- Scoop
Double Bonus For City Rail Link's 'Amazing Achievement'
Shifting the bar higher for New Zealand's infrastructure industry has delivered a double bonus for Auckland's game-changing City Rail Link (CRL). The project has received two top-tier leading ratings from the Australian-based Infrastructure Sustainability Council (ISC): An As-Built leading rating specifically for the design and construction of its main C3 tunnels and stations contract delivered by Link Alliance covering the work to build the Te Waihorotiu, Karanga-a-Hape and Maungawhau Stations, including its use of a tunnel boring machine between Maungawhau and Te Waihorotiu. An As-Built leading rating for the overall CRL project covering the design and construction of C1, C2 and C3 contracts - CRL's entire 3.45 kilometres route of tunnels and stations. The CRL is now the first project to be awarded ISC's Leading IS (Mahi Rauora Aratohu version 1) As Built programme rating overall. The entire CRL project—from Waitematā to Maungawhau - is now officially recognised as meeting the highest sustainability standards ever awarded on either side of the Tasman. ISC Chief Executive, Toby Kent, praised the CRL team's 'amazing achievement' and its commitment to the practice of sustainability. 'The ISC is proud to see New Zealand's biggest transport infrastructure project adopt sustainability into the DNA of its operations. This has been an amazing achievement and demonstrates the overwhelmingly positive social, economic and environmental good that is possible to achieve through an IS Rating," Mr Kent says. CRL Ltd Chief Executive, Patrick Brockie, says the Council's independent assessment is a powerful endorsement of the values and hard mahi adopted and demonstrated by the project, contractors and subcontractors from day one. 'Success for CRL Ltd and our Link Alliance delivery partner is testament to the passion, commitment, and tenacity of the many talented people who have delivered a project that is not just good for Tāmaki Makaurau Auckland, but good for the sector, shifting the needle on how we integrate sustainability, environment, social outcomes and culture into large scale infrastructure projects,' says Mr Brockie. The Infrastructure Sustainability Council praised the commitment by CRL Ltd, Link Alliance and mana whenua to imbed Māori cultural values in the project's design, and deliver positive social outcomes for Māori, Pasifika and rangatahi (youth) by creating employment and training opportunities and supporting Māori and Pasifika businesses with supply chain opportunities. 'Te Ao Māori has environmental sustainability at its very core,' says Edith Tuhimata from the project's Mana Whenua Forum, 'and we have an inherent responsibility to future generations for the way we conduct our businesses and the impacts that has on the environment and the people, if we take care of the Taiao (environment), the Taiao will take care of us. Mana Whenua bring a holistic approach to the CRL project to ensure whakapapa links are acknowledged and the best practical environmental, sustainable, social and cultural outcomes are achieved.' Alongside positive social outcomes, the ISC was impressed by CRL's protection of the environment: substantially reducing the project's carbon footprint; savings around the use of construction and operational energy; more efficient use of water and materials; a dramatic reduction in waste earmarked for landfill; use of high-tech computer technology to help produce more efficient design and construction methodology. Link Alliance Project Director Jean-Philippe Guillemenot says: 'We're proud of the environmental, social, cultural and economic outcomes achieved. The innovations developed by the team has left a legacy, many sustainability firsts for New Zealand, and new benchmarks for future infrastructure projects.' Mr Brockie added that once operational in 2026, CRL will give Aucklanders more sustainable transport choices. 'We are determined to leave Auckland a better place than when we started construction and our success with the two Infrastructure Sustainability Council leading ratings certainly demonstrates that we are on the right track,' Mr Brockie says. The contracts included in the ISC leading ratings are: C1 - Waitematā Station (Britomart)/Lower Queen Street and Commercial Bay: designers Aurecon, Mott MacDonald and Jasmax; delivered by Downer and Soletanche Bachy Joint Venture C2 – northern end of Albert Street between Customs Street/Commercial Bay and Wyndham Streets: designers Aurecon, Mott MacDonald, Grimshaw, Jasmax, Arup; delivered by Connectus (McConnell Dowell and Downer Joint Venture) C3 - Main Tunnel, Stations, Western Line Connection and Rail Systems, delivered by Link Alliance (Vinci Construction Grands Projets, Downer, Soletanche Bachy, WSP, AECOM, Tonkin+Taylor and CRL Ltd) Iwi represented on CRL's Mana Whenua Forum: Te Ākitai Waiohua, Te Kawerau a Maki, Ngāti Maru, Ngāti Paoa, Ngāi Tai ki Tāmaki, Ngāti Tamaoho, Ngāti Whātua Ōrākei, Ngāti Te Ata Waiohua
Techday NZ
9 hours ago
- Techday NZ
Retail ransomware attacks surge 40% as Safepay tops threats
Ransomware attacks targeting the retail sector increased by 40% in May compared to April, according to findings released by NCC Group. The research noted that global ransomware activity decreased by 6% in May, with 393 attacks recorded worldwide. This marked the third consecutive month of decline following elevated attack volumes earlier in 2025. However, security analysts warn that a reduction in numbers does not equate to a lowering of risk amid shifting cybercriminal tactics and ongoing geopolitical tensions. Retail under pressure While the industrial sector continued to experience the highest level of ransomware targeting—comprising 30% of reported cases in May, or 118 incidents—the consumer discretionary sector, including retail, saw a notable surge. Retail-related attacks rose from 73 in April to 102 in May. The report attributes this increase to the appeal of high-value targets in the sector, driven by the disruption of payment systems, access to consumer data, and prospects for substantial ransom payments. Several high-profile retailers were reportedly targeted during the period, including Victoria's Secret, Adidas, Cartier, and Peter Green Chilled. In addition, the group known as Scattered Spider claimed responsibility for attacks on Marks & Spencer and the Co-op during May. Observers from Google Threat Intelligence Group and Mandiant have noted a shift in Scattered Spider's focus toward the US retail sector, where the abundance of large companies increases the field of potential victims. Despite difficulties in precisely attributing individual attacks to Scattered Spider, the group's techniques were observed in several US-based incidents. Safepay rises to prominence Safepay accounted for 18% of all recorded ransomware attacks in May, making it the most active threat actor of the month with 70 reported incidents. NCC Group described this as the first occasion Safepay has appeared among the top ten most prolific threat groups since becoming active in November 2024. Researchers noted suggestions within the security community that Safepay could represent a rebranding of other prominent groups such as LockBit, Alph V, or INC Ransomware. If correct, this would shed light on the rapid rise in activity and the group's apparent capacity and sophistication. Other observed trends included the Play gang moving up to second place with 44 attacks, an increase from its previous ranking, and Qilin dropping to third position with 42 incidents. Akira, which led in April, experienced a 46% decline in reported cases, falling to 35 attacks in May. Regional focus: North America and Europe The report found that most ransomware activity remained concentrated in North America, which accounted for 50% of all incidents, or 193 attacks. Europe experienced 29% of attacks (112), with Asia comprising 13% (49) and South America recording 4% (17). In total, North America and Europe represented 79% of global ransomware cases. AI and prompt injection risks The study also addressed an emerging trend: the vulnerability of artificial intelligence systems to prompt injection attacks. As large language models are more widely adopted across sectors such as healthcare and finance, threat actors have begun to exploit weaknesses using carefully crafted prompts to bypass standard security controls, access sensitive data, or manipulate AI outputs. According to NCC Group, 56% of AI models tested displayed susceptibility to prompt injection attacks. Current defensive measures, such as input validation and monitoring, face challenges in keeping pace with increasingly sophisticated attack methods. Suggestions for strengthening defences include adversarial training, advanced detection, secure memory management, and human-AI oversight. Regulatory bodies are urged to develop best practice guidelines for AI system security. Matt Hull, Global Head of Threat Intelligence at NCC Group, said: "Although reported ransomware incidents declined in March, April, and May, cyber security efforts must be strengthened, not scaled back. Seasonal fluctuations, with summer approaching, may partly explain the dip. However, the rise of new threat actors like Safepay and the emergence of critical vulnerabilities in AI highlight the ongoing volatility of the ransomware landscape. This underscores the need for sustained cyber investment across both industry sectors and national defence. The focus on the UK's retail sector has shone a light on why cyber security is integral to business resilience. "On a broader level, rising global instability, ongoing tensions between the US and China, and evolving alliances are all contributing to threat levels. Trump's involvement in the Middle East could spur deeper collaboration in advanced technologies between the US and Gulf nations, and new efforts to strengthen UK-EU relations could make involved organisations prime targets for espionage by state-sponsored adversaries. With these factors in play, cyber threats remain a persistent and evolving risk."
Scoop
9 hours ago
- Scoop
World's Only B Corp Pest Control Company ‘All In' On New Standards
Goodnature, the world's only B Corp-certified pest control company, is welcoming the sweeping changes to B Corp certification standards, saying the update raises the bar for better business — and they're going 'all in' without yet knowing the specific requirements they'll be measured against, which will be revealed July 1. Goodnature's outdoor traps have killed around 25 million pests globally since 2005. The company released the world's smartest mousetrap in September 2024, with more than 6,000 traps activated worldwide since. Its Wellington-based team is on a mission to eliminate 100 million pests by 2030, without relying on toxins. In April 2025, B Lab - the nonprofit behind B Corp certification - unveiled the most significant overhaul of its standards in nearly two decades. Under the new framework, businesses must meet minimum requirements across seven pillars, meaning companies will no longer be able to offset weaknesses in one area with strengths in another. The seven pillars now include climate action, human rights, environmental stewardship, and circularity, among others. Businesses due for recertification will have an additional 12 months to meet the new standards. Goodnature has been B Corp certified since May 2023 and remains the only pest control company in the world to hold the certification. CEO Dave Shoemack says the company has committed to meeting the new standards despite not knowing the assessment criteria. 'It'll force us to improve and lift our game — and we're up for it,' Shoemack says. 'We're taking this leap of faith because, to us, this is what good business looks like. 'Consumers want to know the work behind the label is real. With the new requirements, you can't fake your way through. We've looked at some certified businesses in the past and thought, how did they make the cut? The move away from a flexible scoring system to firm minimum standards removes that ambiguity. Now, every B Corp will have to meet the same clear expectations — and that strengthens the credibility of the whole movement.' For Goodnature, being B Corp certified has always been a key differentiator for their brand in global markets. 'It sets us apart from our competitors in a visible, credible way. We already do a lot of things differently, and B Corp helps us make that difference clear,' says Shoemack. 'As we grow, it keeps us honest. What could be seen as constraints are actually opportunities to scale in a way that stays true to our purpose. It's a great compass.' He says the new requirements will demand deeper transparency and rigour, which the team welcomes. 'We'll be mapping our supply chain more thoroughly, setting clear climate action plans with measurable targets, and getting to know our products and materials even more intimately. While B Corp certification isn't a silver bullet, it remains one of the most comprehensive and credible tools available to businesses. 'These sweeping changes mean you have to walk the talk — and we're here for it. We're choosing to trust the process and support the direction B Corp is taking. Even without all the details, we know this is the right call for us.' You can find out more about Goodnature at About Goodnature Established in 2005, Goodnature is the only B Corp certified pest control company in the world. Initially beginning its mission in the wild to eradicate pests, it's now scaling its goal of rewilding the world with the introduction of the Goodnature Mouse Trap, the first product they've designed for inside the home in 20 years. So far, their traps have killed 22 million pests globally and wiped out rat populations in four of New Zealand's most fragile ecosystems. Goodnature is also trusted by some of the world's toughest conservation groups, including the Nature Conservancy, Predator Free 2050 and the United Nations Development Program.
