Retail giant Marks & Spencer (M&S) has reportedly suffered a major cyberattack by ransomware group DragonForce, who sent a direct, abusive email to CEO Stuart Machin and several top executives. The message, sent from a compromised employee account on April 23, contained disturbing language and confirmed for the first time that the company’s servers had been encrypted, leaving M&S unable to process online orders for more than six weeks. The hackers claimed to have stolen customer data and shared a darknet link for ransom negotiations, suggesting they were aware of M&S’s cyber-insurance coverage.

The attack allegedly originated through the compromised account of an employee from Tata Consultancy Services (TCS), which provides IT services to M&S. Although the email appeared to come from the employee’s M&S address, TCS has denied any involvement, stating the message was not sent through their systems. Neither M&S nor TCS has publicly confirmed details about the breach, but cyber-security experts have verified the authenticity of the email seen by BBC News.

DragonForce, which has also claimed responsibility for a recent cyberattack on Co-op, is known for providing ransomware tools and extortion services to affiliates. Experts suspect links to the notorious Scattered Spider collective—a loosely organized group of mostly Western teens using platforms like Discord and Telegram. The UK’s National Crime Agency is investigating the group, while the hackers behind the retail attacks continue to threaten further disruption, stating, “We’re putting UK retailers on the Blacklist.”

Pic Courtesy: google/ images are subject to copyright