British retailer Marks & Spencer believes the ransomware operation behind the April cyberattack which forced it to suspend online shopping for nearly seven weeks was a group called ‘DragonForce’, its chairman said.
Archie Norman told lawmakers on parliament’s Business and Trade Committee that “loosely aligned parties” worked together on the cyberattack.
“We believe in this case there was the instigator of the attack and then, believed to be DragonForce, who were a ransomware operation based we believe in Asia.”
A hacking collective known as Scattered Spider that deploys ransomware from DragonForce, has previously been blamed in the media for the attack.
“When this happens you don’t know who the attacker is, and in fact they never send you a letter signed Scattered Spider, that doesn’t happen,” said Norman.
He said M&S didn’t hear from the threat actor for about a week after it penetrated the retailer’s systems.
Cyberattack
As part of its management of the cyberattack, M&S stopped taking online clothing orders and also took other systems offline. That reduced food availability and also resulted in higher waste and logistics costs.
In May, M&S said the attack would cost it about £300 million (€347.5 million) in lost operating profit.
The group resumed taking online orders for clothing lines on 10 June after a 46-day suspension but is yet to restore click-and-collect services.
Last week, M&S CEO Stuart Machin told investors the group would be over the worst of the fallout from the attack by August.
Marks & Spencer’s food business saw sales growth slow to 9.1% over the 12 weeks to June 14 year-on-year, reflecting the disruption that followed a cyberattack in April.
