- Marks & Spencer suffered a cyber incident at the beginning of April
- Media reports say the attack was the work of Scattered Spider
- The retailer is still dealing with the disruption
The major cyber incident at British retailer Marks & Spencer, which has been ongoing for more than a week, appears to be the work of Scattered Spider, an infamous and elusive threat actor. The news was broken by BleepingComputer, which cited “multiple sources” and stated that this was a ransomware attack. However, the company itself declined to comment on the report.
At the end of April, news emerged of a “cyber incident” that had affected M&S stores for “days” and resulted in “small changes” to store operations. The company also confirmed that Click and Collect services were affected, and that some stores could not process contactless payments.
A few days later, the company said that it had to take some systems and processes offline, and that Click and Collect services had to stop at all stores. Online orders were also affected.
Old actors or new imitators?
The retailer said in a statement that, to protect colleagues, partners, suppliers and the business, it “made the proactive decision to move some [of our] processes offline.” There was no confirmation that it was a ransomware attack, although everything indicated that this was the case.
Now, BleepingComputer says that this was, in fact, a ransomware attack, carried out by none other than Scattered Spider. This is not a state-sponsored threat actor, but a financially motivated group. It usually targets companies in the West, such as technology companies, telecommunications firms and those in hospitality. The group breaks into networks through social engineering tactics and SIM swapping.
In previous years, it used to deploy the BlackCat/ALPHV ransomware variant, but since that group dissolved and disappeared, it has turned to other solutions. In this case, the publication says that DragonForce was deployed to M&S's VMware ESXi hosts on April 24, encrypting virtual machines. DragonForce has recently turned to a ‘cartel’ business model.
Multiple cybersecurity teams have been brought in to investigate and help mitigate the damage, including CrowdStrike, Microsoft and Fenix24.
Via BleepingComputer