Cyber Incident Victim: Supermercados Llobet, S.A.
Date:
Jan 2022
Location:
Spain
Summary
A cyberattack disrupted operations at a supermarket chain, severely impacting financial and distribution systems. Attackers demanded an unspecified ransom, which the company refused to pay despite ongoing difficulties restoring compromised systems over a week later. Technical teams and external cybersecurity specialists worked to rebuild inventory management for nearly 12,000 products and reconstruct accounting records, requiring manual data re-entry that caused operational delays. The attack's effects propagated to 40 stores across multiple regions, resulting in product shortages due to centralized warehouse disruptions.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On or around January 10, 2022, Supermercados Llobet, S.A. (Grup Llobet) experienced a cyberattack that severely disrupted its operations. The attack compromised systems critical to financial and distribution functions, rendering them inoperable. Attackers deployed ransomware that encrypted company equipment, blocking access to accounting systems and supply chain management tools. Following the breach, the perpetrators contacted Llobet’s management to demand an unspecified ransom payment in exchange for restoring system access. The company refused to comply with the ransom demand despite the attackers characterizing the amount as "importante." Grup Llobet engaged its existing IT personnel and contracted external cybersecurity specialists to assist with recovery efforts. By January 17—eight days post-incident—full system restoration remained elusive, with significant technical challenges persisting. The Mossos d'Esquadra (Catalonia’s police force) initiated an investigation into the attack, though no attribution details were publicly disclosed.
The operational paralysis forced Grup Llobet to implement manual workarounds with substantial business consequences. During the weekend of January 15-16, warehouse staff urgently recreated inventory records by manually inputting data for nearly 12,000 distinct products into a new system—a process necessitated by the irreversible compromise of legacy systems. Accounting departments faced analogous reconstruction challenges, with no certainty of recovering pre-attack financial data. Supply chain disruptions emerged as the attack affected the central warehouse serving all 40 Llobet stores across Catalonia’s Bages, Moianès, Berguedà, Solsonès, Prats de Lluçanès (Osona), and Vacarisses (Vallès Occidental) regions. This logistical bottleneck led to visible product shortages on store shelves, directly impacting retail operations. The company sustained ongoing financial and reputational harm while continuing recovery efforts without capitulating to extortion demands.