The UK’s National Crime Agency has arrested four people over a series of disruptive cyberattacks that targeted leading British retailers earlier this year.

The authorities detained three teenage males and one 20-year-old female in the West Midlands and London on suspicion of Computer Misuse Act offenses, blackmail, money laundering and participating in the activities of an organised crime group, the agency said in a statement Thursday. 

The arrests were made in connection with an investigation into hacks in April that targeted Marks & Spencer Group Plc, Co-Op and Harrods.

The attack on M&S locked down the company’s internal systems with ransomware, causing weeks of disruption to online sales and an estimated £300mil (RM1.73bil) hit to its operating profit. Meanwhile, the Co-Op said hackers stole data from its internal systems on "a significant number” of its customers.

Paul Foster, head of the National Crime Agency’s cybercrime unit, said the investigation into the attacks was one of his organization’s top priorities.

"Today’s arrests are a significant step in that investigation but our work continues, alongside partners in the UK and overseas, to ensure those responsible are identified and brought to justice,” Foster said in the statement.

A spokesperson for M&S said that the company welcomed the development and thanked the crime agency "for its diligent work on this incident.” 

A Co-Op spokesperson said its members were pleased their cooperation led to the arrests. Harrods did not respond to a request for comment.

The suspects were arrested at their home addresses on Thursday and had electronic devices seized, according to the National Crime Agency. Three are British nationals and a 19-year-old male from the West Midlands is Latvian, investigators said.

Retail companies around the world have been plagued by a campaign of cyberattacks that some researchers attribute to Scattered Spider, a loosely affiliated English-speaking hacking gang that targets companies and individuals. 

A group resembling Scattered Spider recently moved from targeting retail to insurance companies and airlines, according to Charles Carmakal, chief technology officer at Google’s Mandiant. 

The National Crime Agency declined to comment on if those arrested were affiliated with the group.

The hackers worked with another cybercrime gang, known as DragonForce, to carry out the UK retail attacks, Bloomberg News reported previously. Dragonforce rents out malicious software, known as ransomware, to other hackers. Typically, ransomware encrypts files stored on computers and the hackers then demand payment in cryptocurrency to unlock the files.

The incident occurred as a result of "sophisticated impersonation” of one of the retailer’s third-party users, Marks & Spencer Chairman Archie Norman told a UK parliamentary committee on Wednesday. 

"It’s fair to say that everybody at M&S experienced it,” he said. "We’re still in the rebuild mode and will be for some time to come,” though things would return to normal for customers by the end of this month, Norman added. – Bloomberg