Ransomware Strikes M&S, Demands £10m for Access Restoration

  • M&S cyberattack linked to hacking group Scattered Spider
  • Ransomware attack on M&S’s IT network
  • Hackers demanded up to £10m for access restoration
  • Scattered Spider gained access in February
  • M&S sought help from Microsoft, CrowdStrike, and Fenix24
  • DragonForce encryptor used on files
  • Empty shelves reported in some stores
  • Hundreds of agency workers instructed to stay home

A hacking group called Scattered Spider has been implicated in the ongoing cyberattack on M&S. The criminals used ransomware to target M&S’s IT network, according to a report from Bleeping Computer. The group, consisting of young adults and teenagers operating in the UK and US, initially breached M&S’s systems in February. M&S sought assistance from Microsoft, CrowdStrike, and Fenix24 to investigate and respond to the cyberattack. The hackers allegedly stole the retailer’s Windows domain’s NTDS.dit file, which stores passwords, user accounts, and security data. If accessed by attackers, this file can compromise the entire network. Sources told Bleeping Computer that the group used the ‘DragonForce’ encryptor on files, locking data and systems until a ransom is paid for a decryption key. It’s unclear if M&S was or is being held ransom, but a potential ransom could be £10m. The attack has led to empty shelves in some stores, with the extent of the issue unknown. On Monday, M&S instructed hundreds of agency workers from its main distribution center to stay home as they dealt with the aftermath.

Factuality Level: 7
Factuality Justification: The article provides relevant information about a cyberattack on M&S and includes details from a reputable source (Bleeping Computer). However, it contains some tangential information about Ikea’s Oxford Street flagship opening, which is not directly related to the main topic.
Noise Level: 4
Noise Justification: The article provides relevant information about a cyberattack on M&S and the potential ransom demand, but it contains some irrelevant information at the end about Ikea’s flagship store opening which is unrelated to the main topic.
Financial Relevance: Yes
Financial Markets Impacted: No
Financial Rating Justification: The article discusses a cyberattack on M&S’s IT network by the hacking group Scattered Spider and its potential impact on the company’s operations, which could affect their business and financial performance. However, it does not directly mention any specific financial markets being impacted.
Presence Of Extreme Event: Yes
Nature Of Extreme Event: Technological Disruption
Impact Rating Of The Extreme Event: Severe
Extreme Rating Justification: The article discusses a cyberattack on M&S’s IT network by the hacking group Scattered Spider, which has led to empty shelves in some stores and forced hundreds of agency workers to stay at home. The attack caused significant disruption to the company’s operations.

Reported publicly: www.retailgazette.co.uk