Major Ransomware Attack Costs IKEA Retailer €20 Million in Four European Countries

CyberSecureFox Editorial Team

A ransomware attack targeting IKEA retail operations across multiple European countries resulted in financial losses totaling €20 million ($22.8 million). The incident, affecting Fourlis Group – IKEA’s operator in Greece, Cyprus, Romania, and Bulgaria – represents one of the most significant cyber attacks in the retail sector for 2024-2025.

Attack Timeline and Operational Impact

The cyber attack was launched on November 27, 2024, strategically timed to coincide with the Black Friday shopping period. The impact of the attack persisted for three months, severely disrupting operations from December 2024 through February 2025. Initial reports classified the incident as a “malicious external interference,” which primarily affected the company’s e-commerce infrastructure and supply chain management systems.

Financial Implications and Business Disruption

The financial impact was particularly severe, with losses distributed across two fiscal years: €15 million in 2024 and an additional €5 million in 2025. While Fourlis Group manages multiple retail brands including Intersport, Foot Locker, and Holland & Barrett, the IKEA division bore the brunt of the attack’s impact. The incident caused significant disruptions to supply chain operations and effectively crippled the company’s online retail capabilities during the crucial holiday shopping season.

Security Response and Incident Management

In a notable demonstration of cyber resilience, Fourlis Group maintained a firm stance against the attackers by refusing to pay any ransom demands. The company implemented a comprehensive incident response plan, engaging external cybersecurity experts to restore system functionality and strengthen defensive measures. Forensic investigation confirmed that no customer data was compromised during the incident, and regulatory authorities were promptly notified as per compliance requirements.

No ransomware group has publicly claimed the attack — an unusual circumstance suggesting either a failed double-extortion attempt where data exfiltration did not succeed, or an active private negotiation that was never made public. The timing — Black Friday weekend — is consistent with groups that deliberately target peak retail periods to maximize pressure on victims to pay quickly.
