Ransomware cyber

Marks & Spencer

May 21, 2025 1 min read
Marks & Spencer

British retailer giant Marks & Spencer (M&S) is facing a potential profit hit of up to £300 million following a recent ransomware attack that led to widespread operational and sales disruptions. The company confirmed that online retail systems are disabled and expects disruptions to last until July. Food sales have been impacted by reduced availability, and the company has incurred additional waste and logistics costs. Online sales and trading profit in Fashion, Home & Beauty have also been heavily impacted. The attack was linked to the Scattered Spider group, who used a DragonForce encryptor to encrypt virtual machines on VMware ESXi hosts, leading to significant business disruptions and the theft of customer data.

Source: https://www.bleepingcomputer.com/news/security/marks-and-spencer-faces-402-million-profit-hit-after-cyberattack/

TPRM report: https://scoringcyber.rankiteo.com/company/marks-and-spencer

"id": "mar356052125",
"linkid": "marks-and-spencer",
"type": "Ransomware",
"date": "5/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"
{'affected_entities': [{'customers_affected': None,
                        'industry': 'Retail',
                        'location': 'United Kingdom',
                        'name': 'Marks & Spencer',
                        'size': '1,400 stores',
                        'type': 'Retailer'}],
 'attack_vector': 'DragonForce encryptor on VMware ESXi hosts',
 'data_breach': {'data_encryption': 'Yes',
                 'data_exfiltration': 'Yes',
                 'type_of_data_compromised': 'Customer data'},
 'date_detected': 'April 2023',
 'date_publicly_disclosed': 'Wednesday (specific date not provided)',
 'description': 'British retailer giant Marks & Spencer (M&S) is bracing for a '
                'potential profit hit of up to £300 million following a recent '
                'cyberattack that led to widespread operational and sales '
                'disruptions.',
 'impact': {'data_compromised': 'Customer data',
            'downtime': 'At least until July',
            'financial_loss': 'Up to £300 million ($402 million)',
            'operational_impact': 'Widespread operational and sales '
                                  'disruptions',
            'systems_affected': 'Online retail systems, VMware ESXi hosts'},
 'investigation_status': 'Ongoing',
 'motivation': 'Financial gain, disruption of operations',
 'ransomware': {'data_encryption': 'Yes',
                'data_exfiltration': 'Yes',
                'ransomware_strain': 'DragonForce'},
 'references': [{'date_accessed': None,
                 'source': 'BleepingComputer',
                 'url': None}],
 'threat_actor': 'Scattered Spider',
 'title': 'Cyberattack on Marks & Spencer',
 'type': 'Ransomware'}
Published by
Jeremy C
Jeremy C
You might also like
Great! Next, complete checkout for full access to Rankiteo Blog.
Welcome back! You've successfully signed in.
You've successfully subscribed to Rankiteo Blog.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.