This is not just any ransomware attack

This is not just any ransomware attack….

In Mid-April 2025 retailer Marks & Spencer was hit by a massive ransomware attack which has severely affected their operations.

Food stores were left with empty shelves and online ordering was suspended (and at the end of May 2025 still was). It is estimated that M&S online sales amounted to £3.8m per day. These are now stopped until the position can be resolved.

The effect hit the supply chain as well – one of M&S’s biggest suppliers of sandwiches, rolls and wraps, Greencore, said it was reduced to using pencil and paper to deal with orders.

Back to how it used to be before those pesky computers were invented!

The developers of ransomware software is a group of individuals calling themselves DragonForce. Experts estimate that the attack bears the hall marks of a loosely co-ordinated group of hackers called Scattered Spider who used DragonForce software to carry out their attack.

These groups seem to comprise individuals, some only teenagers, who are connected using internet messaging and other informal channels to launch their attacks.

One major route of entry has been through SMS phishing (smishing) attacks, which is a reminder that the most expensive firewall in the world will still fail if individuals allow malware access through poor behaviour or lack of training.

This isn't just about M&S. Superdry, a fashion retailer, had to suspend shares and delay their financial statements as a result of a separate cyberattack in January 2024. It’s increasingly clear that the next wave of threats to businesses will not just be about market dynamics — but digital vulnerability.

---

🔐 Want to protect your organisation against growing cyber threats?

Cyber Security: Risk Management is a practical 4-hour CPD course that helps accountants and finance professionals understand and manage today’s cyber risks with confidence.