The British retail giant Marks & Spencer Group Plc. is still reeling from a devastating cyberattack that has left its systems in shambles, with hackers using a potent kind of malware known as DragonForce to lock down some of the company's systems and render them inaccessible.
For over a week now, Marks & Spencer has been struggling to recover from what it calls a "cyber incident," which has resulted in the disruption of online orders, payment processing, and even gaps on store shelves. The company has paused contact-less payments and halted "click and collect" orders, leaving customers unable to order products online or pick them up at stores.
According to people familiar with the matter, who spoke on condition of anonymity as they were not authorized to share information about the investigation, a group of suspected cybercriminals hit Marks & Spencer with a ransomware attack using DragonForce. This kind of malware is known to encrypt files on victims' computers and demand payment in cryptocurrency to unlock them.
The creators of DragonForce, whose identities are still unknown, operate like a criminal cartel, leasing out their malicious software and infrastructure to other hackers while taking a cut of any proceeds earned through extortion. Cybersecurity experts warn that this type of attack is becoming increasingly common, with hackers working with DragonForce claiming more than 90 victims last year and targeting companies across various industries.
The attacks spanned more than a dozen countries across North America, Europe, the Middle East, and Asia, according to cyber experts. Marks & Spencer shares have fallen 6.2% in London since the incident was reported on April 22, and the company's ability to process contact-less payments has been severely impacted.
The company has hired external cybersecurity experts to assist with investigating and managing the incident. "We are taking actions to further protect our network and ensure we can continue to maintain customer service," Marks & Spencer said in a statement. However, with temperatures currently rising in the UK, the cyber incident means that Marks & Spencer is missing out on online sales of its Spring-Summer range.
"The impact on first quarter profits without a doubt," said Kate Calvert, an analyst at Investec. "Online makes up the smaller proportion of the business, but the longer online orders are halted, the more it weighs on the business."
The retailer prides itself on offering consumers a so-called 'omnichannel' approach where they can buy both in stores and online. With web or app-based sales accounting for about 30% of the retailer's UK clothing and home sales last year, the longer online orders are halted, the more it weighs on the business.
In a shocking move, hundreds of agency staff at Marks & Spencer's main clothing and home warehouse were told not to come in on Monday as the company battles the problem. The cyber incident has left customers frustrated, with reports of empty shelves and a lack of availability for some items.
As the situation continues to unfold, one thing is clear: Marks & Spencer's online platform is facing a significant setback, and the company must act quickly to recover from this devastating cyberattack.