M&S Faces Challenges Following Cyber Attack by Scattered Spider

Deepak Gupta
Deepak Gupta

Co-founder/CEO

 
April 30, 2025 3 min read

M&S Cyber Attack Overview

Ransomware attack on M&S
Image courtesy of Computer Weekly

Marks and Spencer (M&S) has been facing a significant cyber attack linked to the Scattered Spider hacking collective, which has disrupted its systems and caused serious operational issues. Reports suggest that Scattered Spider may have compromised M&S's systems back in February 2025, gaining access to sensitive files such as the NTDS.dit file, which contains critical information for Windows Active Directory operations. This breach has allowed the attackers to infiltrate M&S's Windows domain and deploy a ransomware called DragonForce, which has severely affected M&S's e-commerce capabilities and contactless payment systems.

According to Bleeping Computer, the initial disruption began on April 22, 2025, leaving customers unable to use click-and-collect services and forcing M&S to suspend online shopping. The attack has resulted in substantial financial losses, with reports indicating potential ransom demands around £10 million. M&S has sought assistance from cybersecurity firms including Microsoft and CrowdStrike to manage the incident.

Details of the Incident

M&S
Image courtesy of Retail Gazette

The cyber incident has been characterized as a ransomware attack, which involves hackers locking access to a company's data until a ransom is paid. M&S's Chief Executive, Stuart Machin, stated that the company is making necessary adjustments to its operations to manage the situation. External cybersecurity experts are involved in the investigation and recovery process, and M&S has reported the incident to the UK’s National Cyber Security Centre (NCSC). In-store services have also been impacted, with disruptions to contactless payments and gift card usage noted.

M&S has communicated that there is no immediate action required from customers, although they have been advised to remain vigilant regarding their personal information. Security experts have indicated that the ongoing nature of the incident suggests it is likely a sophisticated ransomware event. Professor Alan Woodward from Surrey University noted that recovering from such a complex attack takes significant time and expertise, especially given M&S's extensive operational systems.

Nature of Scattered Spider

A white sign on the door of a Marks and Spencer branch in London reads "our digital click & collect service is temporarily unavailable"
Image courtesy of BBC News

Scattered Spider is noted for its unique structure, comprising mainly English-speaking members, and operates more like a loosely connected network than a traditional organized crime group. The collective has previously been involved in high-profile attacks and is known for its aggressive tactics. Trend Micro's Robert McArdle described their operational style, likening it to hacktivist groups such as Anonymous.

The growing threat from Anglophone cybercriminals like Scattered Spider poses significant challenges for organizations. Their attacks are often characterized by brazen methods, including threats to individuals associated with victims, as reported in various incidents.

M&S Response and Recovery Challenges

A close-up photo of the Marks and Spencer website shows a black banner with white font informing visitors: "We have paused online orders".
Image courtesy of BBC News

M&S's response to the attack has included pausing online orders and deliveries, leading to empty shelves in some stores. The retailer has not disclosed specific details about the attack's nature or the timeline for recovery, leading to speculation about the severity of the breach. Experts suggest that ransomware incidents like this can severely disrupt operations and require extensive effort and expertise to contain and resolve.

Cybersecurity professionals recommend against paying the ransom, as it does not guarantee data recovery and may encourage further attacks. It is essential for businesses to have robust cybersecurity measures in place, including real-time monitoring and threat detection, to minimize the risks associated with such breaches.

In the face of this challenge, companies like GrackerAI offer AI-powered cybersecurity marketing solutions that can help organizations transform security news into strategic content opportunities. By leveraging insights from incidents like the M&S cyber attack, GrackerAI enables marketing teams to stay ahead of emerging trends and craft targeted communications that resonate with cybersecurity professionals and decision-makers.

Explore GrackerAI's services to enhance your cybersecurity marketing strategy and stay informed about industry developments: GrackerAI.

Deepak Gupta
Deepak Gupta

Co-founder/CEO

 

Cybersecurity veteran and serial entrepreneur who built GrackerAI to solve the $500K content marketing waste plaguing security companies. Leads the mission to help cybersecurity brands dominate search results through AI-powered portal ecosystems.

Related Articles

2025 Nonprofit Marketing Trends: AI Strategies & Best Practices

Social media is a powerful tool for nonprofit organizations to connect with their target audiences. The evolving landscape of these platforms necessitates staying updated on best practices for optimal engagement and impact.

By Hitesh Kumawat July 23, 2025 5 min read
Read full article

Unlocking Business Potential: The Role of Chief Content Officers

Chief content officers (CCOs) are increasingly common in non-media companies, driven by the growing demand for unbranded content that resonates with consumers. Over 50 non-media companies, including Airbnb and HP, have appointed CCOs to foster authentic connections with their audiences. These roles differ significantly from traditional marketing positions, focusing on producing credible, independent content that builds trust. Angela Matusik from HP states, “This is not about steering people directly to purchase. It’s about creating long-term relationships with consumers.”

By Govind Kumar July 23, 2025 3 min read
Read full article

Revamping Corporate Sustainability: Beyond Checkboxes to Impact

Sustainability has become essential for businesses, transitioning from a secondary consideration to a core corporate strategy. Companies that view sustainability merely as a checkbox risk falling behind in today's market. A PwC survey indicates over 80 percent of consumers are concerned about climate change. As sustainability expectations shift, leaders are urged to build innovative ecosystems and enhance product offerings.

By Abhimanyu Singh July 22, 2025 3 min read
Read full article

AI Revolutionizes Content Creation in Digital Marketing & SaaS

The rise of artificial intelligence (AI) is transforming digital marketing strategies, making content creation more efficient. AI content writers provide innovative solutions for generating engaging and informative content at scale. These advancements in technology enable businesses to reach wider audiences with personalized messaging, which enhances engagement and conversion rates.

By Ankit Lohar July 22, 2025 3 min read
Read full article