- M&S President Archie Norman attributes the recent Ransomware -attack to Dragonforce
- Law enforcement is still involved and we don’t know any ransom information
- Norman calls for greater transparency and cyberattack -reporting
M&S still refuses to confirm if it paid a ransom after a recent major cyberattack, but at least we have an indication of its cause.
It is assumed that the attack was carried out by Dragonforce, a ransomware operation assumed to be based in Asia or Russia-a separate group from hacktivists on the similarly named Dragonforce Malaysia.
M&S chairman Archie Norman explained that detection of details of any ransom would not be in the public interest, given that law enforcement authorities are still involved in the case.
M&S shares more information about attacks
“We have said that we are not discussing any of the details of our interaction with the threat actor,” Norman, speaking in a British parliament on the way to cyberattacks in the retail sector, emphasized.
We now know that the original violation was done via Social Engineering, where the striker mimics an M&S worker and fools a third party to reset an employee’s password.
The Financial times Only weeks after the Cyberattack revealed that Tata Consultancy Services, a third party that M&S uses to help control Help Desk -Support, could have been inadvertently tied in the violation.
Attackers threatened to leak the acquired data, but they also encrypted them from M&S in what is known as a double extortion attack. In May, M&S confirmed that names, birth dates, addresses, telephone numbers, household information and order stories all were included.
150 GB of data was allegedly stolen before M&S closed systems to prevent further spread, which led to delivery disorders. Creation efforts are still underway, with Norman expecting full improvement by October or November 2025.
Dragonforce has not sent M&S data, which may suggest that a ransom could have been paid or the negotiations are ongoing.
Looking ahead, Norman calls for more transparency about the reporting of Cyberattacks: “We have reason to believe that there have been two major cyberattacks on large British companies in the last four months that have gone unreported,” he said.
Via Pakinomist
