Marks & Spencer's Cyberattack Saga: Unpacking the DragonForce Ransomware Intrusion

British retailer Marks & Spencer faced a major setback after a ransomware attack by a group believed to be DragonForce forced them to suspend online services for almost seven weeks. This incident led to significant financial losses and disrupted operations, affecting food supply and increasing waste costs.

Devdiscourse News Desk | Updated: 08-07-2025 16:40 IST | Created: 08-07-2025 16:40 IST

Marks & Spencer's Cyberattack Saga: Unpacking the DragonForce Ransomware Intrusion — This image is AI-generated and does not depict any real-life event or location. It is a fictional representation created for illustrative purposes only.

British retailer Marks & Spencer has identified the group behind the April cyberattack that halted its online shopping operations for almost seven weeks. The incident, attributed to a group called DragonForce, was confirmed by Chairman Archie Norman during a session with Parliament's Business and Trade Committee.

Norman detailed how 'loosely aligned parties' executed the attack, causing chaos for the retailer's systems. A hacking collective known as Scattered Spider, associated with DragonForce, is purported to have been involved, although the attackers never directly communicated their identity.

The disruption significantly impacted M&S, leading to a temporary halt in online clothing orders and a broader operational cost of around 300 million pounds in lost profits. While online operations resumed in June, full service restoration is anticipated in the coming months.

(With inputs from agencies.)