- Marks & Spencer suffered a cyber incident earlier in April
- Media reports say the attack was the work of Scattered Spider
- The retailer is still tackling the outage
The major cyber incident at British retailer Marks & Spencer, which has been ongoing for more than a week now, seems to be the work of Scattered Spider, an infamous and slippery threat actor. The news was broken by BleepingComputer, quoting “multiple sources” and saying that it was a ransomware attack. The company itself did not want to comment on the information.
At the end of April, news broke of a “cyber-incident” which affected M&S stores for “days” and led to “small changes” to store operations. The company also confirmed that Click and Collect services had been affected and that certain stores had not been able to process contactless payments.
A few days later, the company said that it had to take certain systems and processes offline, and that Click and Collect services had to be paused in all stores. Online orders were also disrupted as a result.
Old actors or new copycats?
The retailer said in a statement that to protect colleagues, partners, suppliers and the company, it “made the proactive decision to move some [of our] processes offline”. There was no confirmation that it was a ransomware attack, although everything pointed to it being one.
Now, BleepingComputer has said it was, in fact, a ransomware attack, carried out by none other than Scattered Spider. It is not a state-sponsored threat actor, but rather a financially motivated collective. It generally targets Western companies, such as technology companies, telecommunications operators and those working in hospitality. The group spreads through networks using social engineering tactics and SIM swapping.
In previous years, it used to deploy the BlackCat/ALPHV ransomware variant, but since that group dissolved and disappeared, it has pivoted to other solutions. In this case, the publication reports that it deployed the DragonForce encryptor to VMware ESXi hosts at M&S on April 24, encrypting virtual machines. DragonForce recently pivoted to a “cartel” business model.
Several cybersecurity teams have been brought in to investigate and help limit the damage, including CrowdStrike, Microsoft and Fenix24.
Via BleepingComputer