- M&S chairman Archie Norman attributes recent ransomware attack to DragonForce
- Law enforcement is still involved, and we don’t know any ransom details
- Norman is calling for greater transparency and cyberattack reporting
M&S is still refusing to confirm whether it paid a ransom following a recent major cyberattack, but at least we have an indication of its cause.
It’s believed the attack was carried out by DragonForce, a ransomware operation believed to be based in Asia or Russia – a separate group from hacktivists at the similarly-named DragonForce Malaysia.
M&S chairman Archie Norman explained disclosing details of any ransom would not be in the public interest, given that law enforcement agencies are still involved with the case.
M&S shares more information on attack
“We’ve said that we are not discussing any of the details of our interaction with the threat actor,” Norman, speaking at a UK Parliament heading on cyberattacks in the retail sector, stressed.
We now know the initial breach occurred via social engineering, with the attacker impersonating an M&S worker and tricking a third party into resetting an employee’s password.
The Financial Times revealed just weeks after the cyberattack that Tata Consultancy Services, a third party that M&S uses to help manage help desk support could have been inadvertently tied up in the breach.
Attackers threatened to leak the acquired data, but they also encrypted it from M&S in what’s known as a double extortion attack. In May, M&S confirmed that names, birth dates, addresses, phone numbers, household information and order histories were all included.
150GB of data was reportedly stolen before M&S shut down systems to prevent further spread, leading to delivery disruptions. Recovery efforts are still ongoing, with Norman expecting full recovery by October or November 2025.
DragonForce has not posted M&S data, possibly implying that a ransom could have been paid or that negotiations are ongoing.
Looking ahead, Norman is calling for more transparency around reporting cyberattacks: “We have reason to believe there’ve been two major cyberattacks on large British companies in the last four months which have gone unreported,” he said.
Via Reuters
You might also like
- M&S online orders are back following cyberattack – here’s what you need to know
- Enhance protection by using the best authenticator apps
- We’ve listed the bets firewall software