- The CEO of Marks and Spencer received the communication of a ransom gang
- This follows a devastating attack earlier in 2025
- E-mail confirms a link between M&S and cooperative attacks
Marks and Spencer was one of the British retailers who underwent devastating cyber attacks earlier in 2025, with services and stores faced with disturbances, as well as online suspension orders.
In the midst of all this, the reports of the CEO of the BBC complaint company, Stuart Machin, personally sent emails by the attackers doing it and inviting him to start negotiating the ransom costs.
“We walked from China to the United Kingdom and have mercilessly violated your business and encrypted all the servers,” the pirates wrote. “The dragon wants to talk to you so please go to [our darknet website]. “”
“Let’s start the party”
The group, which is called “Dragonforce”, also claimed the responsibility of the cooperative attack, which took place a similar period – making this email the first official link between the two incidents.
It is little known so far on the group themselves, but the emails confirm that it was a ransomware attack, something that M&S has so far refused to comment.
He was sent through an employee of Tata Consultancy Services (TCS), based in London, and it seems that this employee was also hacked in the context of the wider attack – and that the Indian IT service investigates the question of whether it was the origin of the M&S cyber attack.
E-mail indicated an knowledge of the company’s cyber-assurance, taunting the company; “We know that we can both help our two :))”. The email also contained a link to start ransom negotiations; “Let’s go to the party. Send us a message, we will go quickly and easy for us.”
We contacted Marks and Spencer to comment, which he refused, offering the following;
“We cannot comment on details or speculation on cyber incident, and we were advised not to do it.”
