Subj : M&S thinks it might finally know what caused cyberattack - but st To : All From : TechnologyDaily Date : Wed Jul 09 2025 10:45:09 M&S thinks it might finally know what caused cyberattack - but still won't say if it paid a ransom Date: Wed, 09 Jul 2025 09:35:57 +0000 Description: M&S says DragonForce (not DragonForce Malaysia) is responsible for the attack, but we still don't know if a ransom has been paid. FULL STORY ======================================================================M&S chairman Archie Norman attributes recent ransomware attack to DragonForce Law enforcement is still involved, and we don't know any ransom details Norman is calling for greater transparency and cyberattack reporting M&S is still refusing to confirm whether it paid a ransom following a recent major cyberattack , but at least we have an indication of its cause. It's believed the attack was carried out by DragonForce, a ransomware operation believed to be based in Asia or Russia a separate group from hacktivists at the similarly-named DragonForce Malaysia. M&S chairman Archie Norman explained disclosing details of any ransom would not be in the public interest, given that law enforcement agencies are still involved with the case. M&S shares more information on attack "Weve said that we are not discussing any of the details of our interaction with the threat actor," Norman, speaking at a UK Parliament heading on cyberattacks in the retail sector, stressed. We now know the initial breach occurred via social engineering, with the attacker impersonating an M&S worker and tricking a third party into resetting an employee's password. The Financial Times revealed just weeks after the cyberattack that Tata Consultancy Services, a third party that M&S uses to help manage help desk support could have been inadvertently tied up in the breach. Attackers threatened to leak the acquired data, but they also encrypted it from M&S in what's known as a double extortion attack. In May, M&S confirmed that names, birth dates, addresses, phone numbers, household information and order histories were all included. 150GB of data was reportedly stolen before M&S shut down systems to prevent further spread, leading to delivery disruptions. Recovery efforts are still ongoing, with Norman expecting full recovery by October or November 2025. DragonForce has not posted M&S data, possibly implying that a ransom could have been paid or that negotiations are ongoing. Looking ahead, Norman is calling for more transparency around reporting cyberattacks: "We have reason to believe there've been two major cyberattacks on large British companies in the last four months which have gone unreported," he said. Via Reuters You might also like M&S online orders are back following cyberattack - here's what you need to know Enhance protection by using the best authenticator apps We've listed the bets firewall software ====================================================================== Link to news story: https://www.techradar.com/pro/security/m-and-s-thinks-it-might-finally-know-wh at-caused-cyberattack-but-still-wont-say-if-it-paid-a-ransom --- Mystic BBS v1.12 A47 (Linux/64) * Origin: tqwNet Technology News (1337:1/100) .