Here are the cyber tools Co-op used to help defeat its recent ransomware attack

Retailer uses a variety of cyber partners to ID attacks in real-time, segregate data and environments, and enable rapid response

Image: A grab bag of partners helped shut down the cyberattack

Computing research has identified the security tools and partners the Co-op used to stop last month’s cyberattack in its tracks.

Supermarket chain Co-op used a variety of cybersecurity partners to help defend itself from a recent ransomware attack from a gang using the cybercrime service DragonForce.

The hacking group claimed to have been sitting inside Co-op’s network for some time, telling the BBC that it "spent a while seated in their network."

But the hackers were detected when they attempted to infect the network with ransomware, claiming: "Co-op's network never ever suffered ransomware. They yanked their own plug - tanking sales, burning logistics, and torching shareholder value."

Despite the attackers’ attempt to paint Co-op's response in a negative light, the disruption is a small price to pay for avoiding the ransomware that shut down M&S and Harrods in the same week.

Now, research from Computing has revealed the tools and services Co-op used to defeat the attack.

The tools of success

Co-op has installed Vectra’s Cognito AI threat hunting platform and has been a customer since 2017. This security automation platform is able to detect attacks in real-time and was likely a key tool in Co-op’s ability to recognise the threat and act quickly to shut down affected systems.

Announcing the customer win in 2017, Gerard Bauer, then VP of EMEA at Vectra, said: “The Cognito AI platform automates threat hunting, triage and correlation for the Co-op security team and prioritises threats based on risk level so they can respond immediately.”

The retailer uses Kerv Connect to implement network segmentation across store environments, one of the steps it took to achieve PCI DSS compliance. This involved deploying firewalls with defined security zones, effectively isolating cardholder data and reducing the scope of systems subject to PCI compliance requirements.

In 2023 it started using Axway’s B2B integration solutions to manage its supply chain operations. These tools also contribute to secure data exchange and system interoperability, essential components of its overall security posture.

It also has a strategic relationship with Microsoft, using Azure’s cloud infrastructure to host various applications.

In combination, these tools and services helped the retailer to defend itself against what could have been a far more damaging attack. Noticing the malicious activity in real-time and effectively unplugging affected systems helped it to get back online quickly.

Rival retailer Marks & Spencer was unable to respond as rapidly and, at the time of writing, many of its services are still offline, costing it a reported £43m per day in lost revenue.

When contacted for comment, Co-op refused to elaborate further on its security partners. A spokesperson said: “Following the malicious third-party cyber-attack, we took early and decisive action to restrict access to our systems in order to protect our Co-op.

“...We’d like to thank all our colleagues, members, partners and suppliers for their support so far.”

Update 29th May 2025: An earlier version of this article incorrectly described Co-op as a Silverfort customer. Silverfort supplies its services to Coop, a German retail and wholesale company.