The criminals claim they were also behind the attack on M&S which struck over Easter.
Although M&S has yet to confirm it is dealing with ransomware, cyber experts have long said that is the situation and M&S has not issued any advice or corrections to the contrary.
Nearly three weeks on, the retailer is still struggling to get back to normal, as online orders are still suspended and some shops have had continued issues with contactless payments and empty shelves this week.
An analysis from Bank of America estimates the fallout from the hack is costing M&S £43m per week.
On Tuesday, M&S admitted personal customer data was stolen in the hack, which could include telephone numbers, home addresses and dates of birth.
It added the data theft did not include useable payment or card details, or any account passwords – but nonetheless urged customers to reset their account details and be wary of potential scammers using the information to make contact.
Co-op seems to be recovering more quickly, saying its shelves will start to return to normal from this weekend.
Nonetheless it is expected to feel the effects of the cyber attack for some time.
“Co-op have acted quickly and their work on the recovery helps to soften things slightly, but rebuilding trust is a bit harder,” Prof Oli Buckley, a cyber security expert at Loughborough University, told the BBC.
“It will be a process of showing that lessons have been learned and there are stronger defences in place,” he added.
The same cyber-crime group has also claimed responsibility for an attempted hack of the London department store Harrods.
The hackers who contacted the BBC say they are from DragonForce which operates an affiliate cyber crime service so anyone can use their malicious software and website to carry out attacks and extortions.
It’s not known who is ultimately using the service to attack the retailers, but some security experts say the tactics seen are similar to that of a loosely coordinated group of hackers who have been called Scattered Spider or Octo Tempest.
The gang operates on Telegram and Discord channels and is English-speaking and young – in some cases only teenagers.
Conversations with Co-op hackers were carried out in text form – but it is clear the hacker, who called himself a spokesperson, was a fluent English speaker.
They say two of the hackers want to be known as “Raymond Reddington” and “Dembe Zuma” after characters from US crime thriller Blacklist which involves a wanted criminal helping police take down other criminals on a ‘blacklist’.
The hackers say “we’re putting UK retailers on the Blacklist”.