CyberSecurity news
@cyberpress.org
Marks & Spencer (M&S), the prominent retail giant, was recently hit by a significant ransomware attack over the Easter period. The cyberattack, orchestrated by the DragonForce hacker group, disrupted crucial business functions, including online ordering and staff clocking systems. The attackers employed "double extortion" tactics, indicating that they stole sensitive data before encrypting the company's servers. This aggressive move puts M&S at risk of both data loss and public exposure.
An exclusive report reveals that the CEO of M&S received an offensive extortion email detailing the timeline and nature of the attack. The email, reportedly filled with abusive language, claimed that DragonForce had "mercilessly raped" the company and encrypted its servers. In response to the attack, M&S took drastic measures by switching off the VPN used by staff for remote work, which successfully contained the spread of the ransomware, but further disrupted business operations. The financial impact of this cyber incident has been substantial, with reports indicating losses of approximately £40 million per week in sales.
DragonForce, the ransomware group behind the attack, has reportedly compromised over 120 victims in the past year, establishing itself as a major player in the cybercrime landscape. The group has evolved from a Ransomware-as-a-Service (RaaS) model to a fully fledged ransomware cartel, targeting organizations across various sectors, including manufacturing, healthcare, and retail. While the origins of DragonForce are speculative, technical indicators suggest a Russian alignment, including the use of Russian-linked infrastructure and recruitment efforts through Russian-speaking cybercrime forums. M&S has pointed to "human error" as the cause of the breach, with scrutiny falling on an employee of Tata Consultancy Services (TCS), which provides IT services to the retailer. M&S has officially disputed claims that it didn't have proper plans to handle a ransomware incident.
References:
- www.bitdefender.com: Marks & Spencer’s ransomware nightmare – more details emerge
- bsky.app: EXCLUSIVE: "We have mercilessly raped your company and encrypted all the servers" - the aggressive extortion email sent to the CEO of M&S has been revealed. The offensive blackmail note reveals lots of things about the nature of the attack, the timeline and the hackers
- cyberpress.org: Reports over 120 victims have been compromised in the last year.
- The Register - Security: M&S online ordering system operational 46 days after cyber shutdown
- www.techradar.com: M&S online orders are back following cyberattack - here's what you need to know
- www.cybersecuritydive.com: Marks & Spencer restores some online-order operations following cyberattack
- www.techdigest.tv: M&S resumes online orders weeks after cyber attack
- www.tripwire.com: Report on DragonForce's email to M&S CEO about taking responsibility for the attack.
- bsky.app: DragonForce has started posting new victims to its darknet site. Two new orgs now being publicly extorted. Nothing yet on Co-op/M&S/ Harrods.
- www.infosecworrier.dk: Details regarding the significant data breach and the ransomware attack targeting Marks & Spencer.