- Marks and Spencer CEO received communication from a ransom -band
- This follows a devastating attack earlier in 2025
- The e-mail confirms a connection between the M&S and Co-op attacks
Marks and Spencer were among the British retailers who led devastating cyberattacks earlier in 2025, with services and stores facing disturbance, as well as online orders were suspended.
In the middle of all this, reports from the BBC requirement CEO Stuart Machin were personally sent e emails by the striker who went to him and invited him to start negotiating the ransom fee.
“We have marched the ways from China all the way to the UK and have mercilessly raping your business and encrypted all servers,” the hackers wrote. “The dragon will talk to you, then go over to [our darknet website]”
“Let’s get the party going”
The group, which calls itself “Dragonforce”, also assumed the responsibility of the CO -OP attack that came around a similar time -making this e -mail the first official connection between the two incidents.
A little is known so far about the group itself, but E emails confirm that this was a ransomware attack, something that M&S has so far refused to comment.
It was sent through a London -based Tata Consultancy Services (TCS) employee, and it seems that this employee was also hacked as part of the wider attack -and the Indian IT service is investigating whether it was the origin of M&’s Cyberattack.
The e -mail indicated a knowledge of the company’s cyber insurance and spotted the company; “We know we can both help each other nicely :))”. The e -mail also included a link to begin ransom negotiations; “Let’s get the party going. Send us message. We’ll do it quickly and easily for us.”
We reached out to Marks and Spencer for comment which it rejected and offered the following;
“We cannot comment on details of or speculation about the cyber event, and we have been asked not to do so.”
