In early 2025, a coordinated ransomware campaign by the DragonForce group infiltrated Marks & Spencer’s IT environment, deploying its encryptor on VMware ESXi hosts that supported critical e-commerce and payment platforms. The attack forced M&S to suspend all online sales for five days while IT teams worked to restore encrypted virtual machines and sanitize systems. During this blackout, the retailer incurred estimated daily losses of £3.8 million from halted transactions and customer attrition. Investor confidence also took a hit, with the company’s market capitalization dropping by over £500 million as trading in M&S shares reflected concerns about operational resilience and surge protection. Although no customer data was exfiltrated, the incident exposed gaps in patch management and incident response processes. Post-incident assessments highlighted the need for stronger network segmentation, faster ransomware detection capabilities, and robust backup and recovery workflows. M&S has since accelerated its cybersecurity investment, deploying next-generation endpoint protection and multi-factor authentication across its cloud and on-premises infrastructure to mitigate future threats.
Source: https://cybersecuritynews.com/dragonforce-ransomware-hits-harrods-marks-and-spencer/
"id": "mar1041050625",
"linkid": "marks-and-spencer",
"type": "Ransomware",
"date": "5/2025",
"severity": "75",
"impact": "2",
"explanation": "Attack limited on finance or reputation"