It’s now been more than a week of chaos for Marks and Spencer (M&S), one of the UK’s biggest brands, following what – it is now obvious – is a significant cyber attack.
It has cost it millions of pounds in lost sales and a lower share price.
M&S has not said what or who knocked out its online ordering systems, paused deliveries and left empty shelves in stores.
The BBC has been told by security experts that ransomware called DragonForce was used in the attack.
Ciaran Martin, the founding Chief Executive of the National Cyber Security Centre, said it had “serious” consequences for M&S.
“This is a pretty bad episode of ransomware,” he said.
“It is a highly disruptive event and a very difficult one for them to deal with.”
Mr Martin, who is now a professor at Oxford University, said M&S does not have many choices, whether it chooses to talk to the gang responsible for the attack or not.
“Even organisations that pay a ransom – because this is a bunch of criminals who can’t be trusted – sometimes find it doesn’t work,” he said.
“In organisations that don’t pay, you have to try to restore things and activate backups, and that’s very complicated.”
Source: BBC News