Marks & Spencer and Jaguar Land Rover: Over 300 UK Firms Hit by Ransomware in a Year

Marks & Spencer and Jaguar Land Rover: Over 300 UK Firms Hit by Ransomware in a Year

UK SMEs Hit Hardest as Ransomware Attacks Surge in 2025-26

UK organizations faced an average of 26 successful ransomware attacks per month between April 2025 and March 2026, with small and mid-sized enterprises (SMEs) bearing the brunt of the impact. According to data from Report Fraud, a cybercrime and fraud reporting service operated by City of London Police, 323 corporate victims reported incidents during the period over half of which were SMEs.

Financial losses from these attacks rose sharply, increasing 50% year-on-year to approximately £270,000 ($357,000) per incident. However, authorities acknowledge this figure is likely an underestimate, as many businesses do not disclose the full extent of their losses. Among sectors that identified themselves, manufacturing reported the highest number of attacks (42), followed by scientific and technical services (21) and education (19).

The UK’s ransomware crisis escalated in 2025, with high-profile breaches at companies like Marks & Spencer, Co-op Group, and Jaguar Land Rover. The attack on Jaguar Land Rover was attributed to Russian hackers, with experts suggesting the motive may have been sabotage rather than financial gain.

Despite the rising threat, reporting remains inconsistent. Security experts, including Talion CEO Kevin Knight, warn that paying ransoms is often ineffective, as attackers frequently fail to return data in usable form or at all. Meanwhile, the UK government continues to debate mandatory ransomware reporting and a potential ban on payments for public sector and critical infrastructure organizations. Until such measures are implemented, the true scale of the problem will likely remain obscured.

Source: https://www.infosecurity-magazine.com/news/over-300-uk-firms-hit-ransomware/

Marks and Spencer cybersecurity rating report: https://www.rankiteo.com/company/marks-and-spencer

JLR cybersecurity rating report: https://www.rankiteo.com/company/jaguar-land-rover_1

"id": "MARJAG1782807847",
"linkid": "marks-and-spencer, jaguar-land-rover_1",
"type": "Ransomware",
"date": "4/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"
{'affected_entities': [{'location': 'UK',
                        'name': 'Marks & Spencer',
                        'size': 'large',
                        'type': 'corporate'},
                       {'location': 'UK',
                        'name': 'Co-op Group',
                        'size': 'large',
                        'type': 'corporate'},
                       {'industry': 'manufacturing',
                        'location': 'UK',
                        'name': 'Jaguar Land Rover',
                        'size': 'large',
                        'type': 'corporate'},
                       {'industry': ['manufacturing',
                                     'scientific and technical services',
                                     'education'],
                        'location': 'UK',
                        'size': 'small/medium',
                        'type': 'SME'}],
 'date_publicly_disclosed': '2025-2026',
 'description': 'UK organizations faced an average of 26 successful ransomware '
                'attacks per month between April 2025 and March 2026, with '
                'small and mid-sized enterprises (SMEs) bearing the brunt of '
                'the impact. Financial losses rose sharply, increasing 50% '
                'year-on-year to approximately £270,000 ($357,000) per '
                'incident. High-profile breaches included Marks & Spencer, '
                'Co-op Group, and Jaguar Land Rover.',
 'impact': {'financial_loss': '£270,000 ($357,000) per incident'},
 'lessons_learned': 'Paying ransoms is often ineffective, as attackers '
                    'frequently fail to return data in usable form or at all.',
 'motivation': ['financial gain', 'sabotage'],
 'recommendations': 'UK government is debating mandatory ransomware reporting '
                    'and a potential ban on payments for public sector and '
                    'critical infrastructure organizations.',
 'references': [{'source': 'Report Fraud (City of London Police)'}],
 'threat_actor': 'Russian hackers',
 'title': 'UK SMEs Hit Hardest as Ransomware Attacks Surge in 2025-26',
 'type': 'ransomware'}
Great! Next, complete checkout for full access to Rankiteo Blog.
Welcome back! You've successfully signed in.
You've successfully subscribed to Rankiteo Blog.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.