In reply to Moacs:
> It's been 36 hours. I wonder how much of their network is now locked under encyption.
Not sure what you mean here. I'd have thought all their network traffic was encrypted as a matter of course - most websites are routinely after google decided to flag anything not behind https in terms that look scary (thanks google, another £100 a year out my pocket for no good reason)), and Tesco's would have been anyway.
Or do you mean they were subject to a ransom attack?
> Are companies complacent or is it really hard to prevent?
If it was a DDoS (and most are) then a concerted attack is quite hard to prevent. Mind you, setting up a good one us equally tricky - you need to surreptitiously infiltrate a lot of unsuspecting carriers to do the attack on your behalf. Just doing it from a small bunch of servers is easy for routers/firewalls to detect and block. Not that I've ever been inclined to try such a thing - although I did work with an Austrian guy who did do this sort of thing as a hobby. Went by the handle "Alf". Probably dead now. Funny story involving him, the company he worked for, the NYT and Microsoft. Probably for another time - I fear I'm starting to ramble...