- The president of M&S, Archie Norman, attributes a recent ransomware attack to Dragonforce
- The application of the law is still involved, and we do not know any rescue detail
- Norman is asking for greater transparency and cyber reports
M&S is still refusing to confirm if he paid a rescue after a great recent cyber attack, but at least we have an indication of his cause.
It is believed that the attack was carried out by Dragonforce, a ransomware operation that is believed to have its headquarters in Asia or Russia, a group separate from hacktivists in the Dragonforce Malaysia with the similar name.
The president of M&S, Archie Norman, explained that the dissemination of details of any rescue would not be of public interest, since the agencies of application of the law are still involved with the case.
M&S shares more information about the attack
“We have said that we are not discussing any of the details of our interaction with the threat actor,” Norman emphasized, speaking in a Parliament of the United Kingdom that goes to cyber attacks in the retail sector, he emphasized.
Now we know that the initial violation occurred through social engineering, with the attacker who passes through an M&S worker and cheating a third party to restore the password of an employee.
He Financial Times Revealed only weeks after cyber attack that Tata Consultancy Services, a third that uses M&S to help administer the support of the help table, could have been unnoticed in violation.
The attackers threatened to filter the acquired data, but also encrypted them of M&S in what is known as a double extortion attack. In May, M&S confirmed that names, birth dates, addresses, telephone numbers, home information and orders stories were included.
According to the reports, 150 GB of data were stolen before M&S closed the systems to avoid greater propagation, which leads to delivery interruptions. Recovery efforts are still ongoing, and Norman expects a complete recovery in October or November 2025.
Dragonforce has not published M&S data, possibly implying that a rescue could have been paid or that the negotiations are ongoing.
Looking towards the future, Norman is asking for more transparency about informing cyber attacks: “We have reasons to believe that there have been two important cyber attacks in the large British companies in the last four months that have not been reported,” he said.
Through PakGazette
