On April 24th, 2025 Marks & Spencer (M&S) was rocked by a massive cyber-attack, halting online sales for days and leaving shelves empty in stores. The notorious hacking group Scattered Spider demanded $4 million in ransom, exposing the vulnerability of retail giants. As M&S scrambles to recover, experts and past victims share critical lessons on surviving ransomware attacks.

Details & Context

The M&S cyber-attack which began as early as February 2025, culminated on April 24th, 2025 when hackers from Scattered Spider deployed DragonForce malware, encrypting servers and disrupting operations. Online sales, click-and-collect and gift card transactions were halted for over five days, as reported by posts on X from @GMB and @TechnicalNewsHQ. M&S staff described the chaos on Reddit, mentioning manual operations with “paper and pen” and wasted food due to oversupply issues, reflecting the depth of the disruption.

Sponsored by: TR Textile (Premium Quality and Branded Shirt, Punjabi, Kurta, Blazer, Sherwani Manufacturer)

Sir Dan Moynihan of the Harris Federation, a UK school group hacked by the Russian group REvil in 2021, shared his experience with the BBC. REvil demanded $4 million, doubling to $8 million if unpaid within 10 days. The attack cost the group £750,000 to recover, impacting 30,000 devices, lesson plans and medical records. Sir Dan’s strategy—delaying hackers with a negotiator while rebuilding systems—offers a blueprint for M&S which is working with CrowdStrike and Microsoft to respond, per @DevaOnBreaches on X.

The retail sector is on edge. Just days after the M&S attack, the Co-op shut down IT systems due to a separate cyber incident, signalling a wave of threats. Web sources like the UK government’s 2024 cyber security breaches survey reveal 74% of large businesses faced attacks last year, a trend continuing into 2025.

Quotes

·      Sir Dan Moynihan, Harris Federation (via BBC): “They wanted $4m then $8m if we didn’t pay in 10 days. We never considered paying—it’s for disadvantaged kids.”

·      Catherine Deane, Wedding Dress Designer (via BBC): “Losing our Instagram felt like the rug was pulled from under us. It was devastating.”

·      Sir Charlie Mayfield, Ex-John Lewis Chairman (via BBC): “As technology grows in retail, the risk of cyber-attacks rises with it.”

·      X User Sentiment (paraphrased): “M&S staff are struggling—systems down, food wasted. It’s like going back in time. #MSCyberAttack”

Additional Information

The M&S cyber-attack mirrors past incidents in the UK. In June 2024 a ransomware attack on Synnovis, a pathology firm, disrupted London hospitals like Guy’s and St Thomas’, forcing manual blood sample processing, per BBC reports. Wedding designer Catherine Deane also shared her 2024 Instagram hack ordeal, highlighting the emotional toll on businesses reliant on digital platforms.

Posts on X from @NatlCIOReview and @LBC note the attack’s attribution to Scattered Spider, a teenage hacking group known for targeting retailers. M&S has remained tight-lipped, issuing limited statements but staff posts on Reddit reveal internal chaos—head office staff working weekends and goods supply chains in disarray. The broader retail sector is rattled with one retailer telling the BBC they’re “patching like mad” to avoid similar fates.

Web data shows ransomware attacks surging in 2025 with retail as a prime target due to its reliance on online systems. The UK’s 2024 cyber breaches survey underscores the scale with 74% of large firms hit last year—a statistic likely worsened in 2025, given recent attacks on M&S and Co-op.

Read More: Gaza Israeli Strike 2025 | Heartbroken Dad Questions Israeli Strike Killing His 4-Year-Old Daughter in Gaza

Impact Analysis

The M&S cyber-attack has far-reaching effects,

·      Operational Chaos: Online sales halted for five days with staff reverting to manual processes, per Reddit posts.

·      Financial Loss: Empty shelves and wasted food signal revenue hits, echoing the Harris Federation’s £750,000 recovery cost.

·      Customer Trust: Shoppers face delays in click-and-collect and gift card use, risking brand loyalty, as seen in @GMB posts.

·      Sector Alarm: The Co-op attack days later shows retail’s vulnerability, with firms rushing to bolster cybersecurity.

·      Social Media Buzz: #MSCyberAttack trends on X with visuals of empty M&S shelves gaining 2-3x more shares, per engagement trends.

The Marks & Spencer cyber-attack of April 2025 demanding $4 million, exposes the dark side of retail’s digital reliance. From operational chaos to wasted goods, M&S faces a tough road to recovery while lessons from past victims like the Harris Federation highlight the importance of resilience over ransom. As cyber threats loom over retailers, the industry must act fast to protect itself. Stay informed on this evolving crisis.

Call to Action (CTA)

Follow The Daily Hints for updates on the M&S cyber-attack and retail cybersecurity trends. Share this article on X to spread awareness. Use hashtags like #MSCyberAttack and #Ransomware2025 to join the conversation.

From district to city, country, international, entertainment to sports, science to technology and all other news updates, join our news portal The Daily Hints.