Contact Us

DragonForce Ransomware behind Mark and Spencer digital outage

Almost a week ago, renowned UK-based retailer Marks & Spencer (M&S) became the victim of a devastating cyber attack that left the company in full-blown disruption mode. The retailer, known for its wide range of quality clothing, food, and household goods, now faces the aftermath of a sophisticated and well-executed cyber assault. Recent reports indicate that the attack is likely the work of a highly organized crime group, known as DragonForce, who deployed a powerful ransomware variant that could have caused lasting damage to the company’s IT infrastructure for days.

As the attack unfolded, M&S’s IT teams have been working around the clock to restore the company’s systems and resume normal operations. However, customers have reported ongoing issues, particularly with online bookings and technical glitches on the retailer’s website. The company’s internal networks were clearly disrupted, resulting in a series of cascading problems for both employees and customers trying to access M&S’s digital services.

The DragonForce Group and Its Methods

The group responsible for this cyber attack, DragonForce, is no stranger to high-profile ransomware incidents. Known for their “double extortion” tactics, they employ a two-pronged approach to cybercrime. First, DragonForce infiltrates the targeted organization’s systems and extracts sensitive data. Once they’ve secured the data, they encrypt it, effectively locking the company out of its own information until a ransom is paid. This ransom is typically demanded in cryptocurrency, making it difficult to trace the payments. The encryption locks the company’s access to its critical data, potentially crippling business operations for an extended period.

But the extortion doesn’t end there. Even after the ransom is paid, there is no guarantee that the attackers will provide the decryption key. The criminals often choose to sell the stolen data on the dark web, leaving the victimized company with not just the potential for business disruption but also the looming threat of data breaches and identity theft.

M&S’s Silence on the Attack

As of now, Marks & Spencer has refrained from making an official statement about the involvement of DragonForce or the specifics of the attack. The company has chosen to handle the situation discreetly, focusing on recovery efforts and planning to disclose the full details at a later time. While this level of confidentiality is understandable from a corporate standpoint, it leaves customers and the general public in the dark about the scope and severity of the breach.

However, the lack of an official update does raise questions about how deep the attack may have penetrated into the company’s systems. If the malware was as sophisticated as reports suggest, the recovery process could take much longer than initially anticipated.

The Ripple Effect of Cyber Attacks

Cyber-attacks of this magnitude bring significant consequences to the victimized companies. Apart from the immediate disruption to business operations, such attacks often tarnish the brand’s reputation. Consumers, especially those entrusting personal data to online services, tend to view a company’s inability to safeguard their information with skepticism. In M&S’s case, this could undermine years of consumer trust and loyalty.

Additionally, law enforcement agencies such as the FBI and Europol strongly advise against paying the ransom in situations like this. The primary reason being that paying the ransom not only funds criminal enterprises but also doesn’t guarantee the attackers will release the decryption key. In some cases, companies that comply with ransom demands find themselves targeted again, as cybercriminals perceive them as easy marks.

The Threat of Data Theft and Its Aftermath

In the case of “double extortion” ransomware attacks, the immediate concern isn’t just the disruption of business systems but the theft and sale of sensitive company data. DragonForce, like other ransomware groups, is known to sell this data on the dark web, where it can be used for a range of malicious purposes. This could include identity theft, fraud, and social engineering attacks targeting both the company’s customers and employees.

For businesses like M&S, the threat of customer data being sold on the dark web presents a long-term risk to their reputation and the safety of their clientele. Consumers who have their personal information exposed may face a variety of security risks, including financial fraud and phishing scams. This makes the impact of a cyberattack extend far beyond the immediate disruption, leaving companies to clean up the mess for months, or even years.

What Should Companies Do in Response?

The best course of action for any company facing a cyber attack is to refrain from paying the ransom. Instead, businesses should report the incident to the appropriate law enforcement authorities. Agencies like the FBI and Europol are equipped to track stolen data and monitor its potential sale on the dark web. By involving law enforcement early, companies can ensure that there are efforts to mitigate the risks of further data breaches and limit the damage caused by the attack.

Moreover, organizations should adopt proactive cybersecurity measures to help prevent future breaches. This includes regularly updating software and security patches, using strong encryption practices, training staff on phishing awareness, and investing in a robust backup system to ensure data can be recovered quickly in the event of an attack.

The Growing Threat of Cybercrime

The M&S incident underscores a broader trend in the growing sophistication of cybercriminal groups. As more businesses move online and digitize their operations, they become prime targets for ransomware attacks. The rise of ransomware-as-a-service has also made it easier for even less technically skilled criminals to launch such attacks. With the increasing frequency and severity of these incidents, it is more important than ever for organizations to take cyber threats seriously and adopt a comprehensive approach to cybersecurity.

In conclusion, while the immediate impact of the DragonForce attack on M&S is still unfolding, it serves as a stark reminder of the growing risks businesses face in the digital age. Proactive planning, strong cybersecurity defenses, and cooperation with law enforcement are essential to mitigate the damage caused by cybercriminals and protect the interests of both companies and their customers.

The post DragonForce Ransomware behind Mark and Spencer digital outage first appeared on Cybersecurity Insiders.

The post DragonForce Ransomware behind Mark and Spencer digital outage appeared first on Cybersecurity Insiders.

-- Get the right stuff from a partner you trust. --

Partners

-- IT NEWS --

Blog

admin May 17th, 2025

Something is bricking Nest Hub smart displays, but a fix is on the way (Updated)

Owners of the first-gen Nest Hub report recent device failures, freezing up during the boot process. Attempts to factory reset […]

Read More Something is bricking Nest Hub smart displays, but a fix is on the way (Updated)
admin May 17th, 2025

Google’s glorious G glow-up spreads its rainbow across Android

Google is updating its multi-colored G logo for the first time in a decade. After first appearing on iOS and […]

Read More Google’s glorious G glow-up spreads its rainbow across Android
admin May 16th, 2025

One UI 7 adds new controls to a feature that hasn’t changed since One UI 3

Credit: Joe Maring / Android Authority Most smartphones come with a power-saving mode that, when enabled, tweaks system settings to […]

Read More One UI 7 adds new controls to a feature that hasn’t changed since One UI 3