- The president of M&S Archie Norman attributes a recent attack from Ransomware to DragonForce
- The police are always involved and we do not know any details of ransom
- Norman calls for greater transparency and cyber attack report
M&S still refuses to confirm if she paid a ransom following a recent major cyber attack, but at least we have an indication of her cause.
It is believed that the attack was carried out by DragonForce, a ransomware operation which would be based in Asia or in Russia – a group separated from hacktivists of the DragonForce Malaysia, named in the same way.
The president of M&S, Archie Norman, explained that the disclosure of details of any ransom would not be in the public interest, since the law enforcement organizations are always involved in the case.
M&S Shares more information on the attack
“We have said that we do not discuss any of the details of our interaction with the threat actor,” said Norman, speaking in a British parliament on cyber attacks in the retail sector.
We now know that the initial violation has occurred via social engineering, the attacker pretending to be an M&S worker and inciting a third party to reset the password of an employee.
THE Financial time Revealed only a few weeks after the cyber attack that Tata Consultancy Services, a third party that M&S uses to help manage the support of the assistance office could have inadvertently attached to the violation.
The attackers threatened to disclose the acquired data, but they also quantified it by M&S in what is called a double extortion attack. In May, M&S confirmed that names, birth dates, addresses, telephone numbers, household information and order history were all included.
150 GB of data would have been stolen before stopping M&S systems to prevent a new spread, resulting in delivery disturbances. Recovery efforts are still in progress, Norman expecting a complete recovery by October or November 2025.
DragonForce has not published M&S data, which may imply that a ransom could have been paid or that negotiations are underway.
For the future, Norman calls for more transparency regarding the reporting of cyber attacks: “We have reasons to believe that there have been two major cyber attacks on large British companies in the past four months that are not reported,” he said.
Via PK Press Club
