The unfortunate truth: Your company is not prepared for a cyberattack.

The recent Marks & Spencer hack has once again, shown companies are vulnerable to ransomware attacks, resulting in financial and reputational disaster.

What happened and how did they do it?

A sophisticated hacking group, believed to be ‘Scattered Spider’, who are notorious for using ransomware to lock systems. As early as February 2025, the threat actor contacted Marks & Spencer’s third-party IT service desk, and utilised social engineering tactics, they gained access to their internal servers.

The threat actors then stole the Windows domain NTDS.dit file which contained password hashes for employee accounts. They entered the network over the following weeks and deployed the ransomware tool ‘Dragon Force’ to encrypt virtual machines, locking M&S out and forcing them to disable contactless payments and cancel click & collect orders. This resulted in a loss of 40m per week.

It is worth noting, another hacking group, based in Malaysia and known as ‘Dragon Force’ have come forward to claim responsibility. However, ‘Scattered Spider’ are still believed to be the most likely culprit.

The financial and reputational impacts

Roughly 300m is expected to be lost due to the attack, wiping out 1/3 of M&S’ annual profits, with the business not expected to fully recover until July 2025. To make matters worse, the company has confirmed thousands of customers’ personal information, such as email addresses, home addresses, date of birth and order history has also been stolen.

M&S could face further financial pain if the Information Commissioner’s Office (ICO), which enforces data protection decides to fine the company. As of this week, (19/05/2025) Thompson Solicitors are launching a class action suit against M&S for failing to properly protect customer data, leaving victims open to future scams.

A growing trend: Anyone could be a target

Unfortunately, cyberattacks are now the norm in a digital world. The UK Government stated 74% of businesses in the UK were targeted by cyberattacks in 2024, a staggering increase from 32% in 2023 [UK GOV].

Importantly, this type of attack can happen to any business, no matter what size, with both Harrods and Co-op reporting similar attempted cyberattacks recently.

Despite M&S staff undergoing simulation training, the threat actors still managed to gain access to company servers. Emphasising the fact that you may feel prepared to deal with a sophisticated cyberattack, but many are not.

How crypto plays a part

Crypto continues to play a crucial role in ransomware attacks, often required as part of the ransom to un-encrypt devices, as it allows the threat actors to receive payments anonymously. This makes it extremely difficult for police to trace transactions and identify the perpetrators, but where REKTify excels. REKTify has the capability to track transactions, deploying a binding digital freeze order on any illicit wallets moving stolen funds. Preventing the cyber criminals off-loading the crypto into fiat currency via Centralised Exchanges (CEX) is a vital juncture in the asset recovery process.

The wake-up call

Cybersecurity must be a priority for all companies. Our end-to-end solution helps protect companies falling victim to ransomware attacks. We can provide comprehensive employee training, with realistic attack exercises and 24/7 crypto wallet monitoring capabilities, alerting us or the owner of any moving funds – allowing for rapid response to trace, locate, freeze and recover your stolen assets.