Marks & Spencer Halted by April DragonForce Ransomware Attack

Marks & Spencer suffered a significant cyberattack in April 2025, attributed to the ransomware group DragonForce, which operates primarily out of Asia and is linked with the hacking collective Scattered Spider. This attack forced M&S to suspend online clothing orders for nearly seven weeks, resulting in an estimated loss of around £300 million in operating profit, with ongoing recovery efforts expected to continue for months. Chairman Archie Norman described the attack as 'traumatic' and emphasized that M&S chose not to negotiate directly with the attackers, instead relying on cybersecurity professionals. The disruption also impacted other operations such as food availability and increased logistics costs, with partial restoration of services underway but full recovery pending. Meanwhile, a turf war between ransomware groups like DragonForce and RansomHub is escalating within the cybercrime ecosystem, raising concerns about potential double extortion demands that could exacerbate the challenges faced by corporate victims. Experts warn that this instability in the ransomware landscape could lead to more frequent and damaging attacks on organizations lacking robust security measures.