Major Ransomware Attack Costs IKEA Retailer €20 Million in Four European Countries

CyberSecureFox 🦊

A sophisticated ransomware attack targeting IKEA retail operations across multiple European countries has resulted in substantial financial losses totaling €20 million ($22.8 million). The incident, affecting Fourlis Group – IKEA’s operator in Greece, Cyprus, Romania, and Bulgaria – represents one of the most significant cyber attacks in the retail sector for 2024-2025.

Attack Timeline and Operational Impact

The cyber attack was launched on November 27, 2024, strategically timed to coincide with the Black Friday shopping period. The impact of the attack persisted for three months, severely disrupting operations from December 2024 through February 2025. Initial reports classified the incident as a “malicious external interference,” which primarily affected the company’s e-commerce infrastructure and supply chain management systems.

Financial Implications and Business Disruption

The financial impact was particularly severe, with losses distributed across two fiscal years: €15 million in 2024 and an additional €5 million in 2025. While Fourlis Group manages multiple retail brands including Intersport, Foot Locker, and Holland & Barrett, the IKEA division bore the brunt of the attack’s impact. The incident caused significant disruptions to supply chain operations and effectively crippled the company’s online retail capabilities during the crucial holiday shopping season.

Security Response and Incident Management

In a notable demonstration of cyber resilience, Fourlis Group maintained a firm stance against the attackers by refusing to pay any ransom demands. The company implemented a comprehensive incident response plan, engaging external cybersecurity experts to restore system functionality and strengthen defensive measures. Forensic investigation confirmed that no customer data was compromised during the incident, although regulatory authorities were promptly notified as per compliance requirements.

The attack’s attribution remains unclear, as no known ransomware group has claimed responsibility – an unusual circumstance that cybersecurity experts suggest might indicate either a failed data exfiltration attempt or ongoing private negotiation attempts. This incident serves as a crucial reminder of the growing sophistication of ransomware attacks targeting retail operations and emphasizes the critical importance of maintaining robust cybersecurity measures, particularly during high-traffic shopping periods. The case highlights the significant financial impact that cyber attacks can have on retail operations and underscores the importance of investing in comprehensive incident response capabilities and cyber insurance coverage.
