A email has come to light sent to the boss of Marks & Spencer from a now notorious gang of online hackers called DragonForce, who are also believed to be behind an attack on the Co-op
A gloating email from a gang of cyber hackers to Marks & Spencer has emerged. The message – to M&S boss Stuart Machin – confirms for the first time that retailer had been targeted by the ransomware group.
In it, they wrote: “We have marched the ways from China all the way to the UK and have mercilessly raped your company and encrypted all the servers.” It then says “The dragon wants to speak” before giving a link to the darknet – – a hidden part of the internet.
The email, seen by the BBC, was sent on April 23 from the hacker group called DragonForce. The gang apparently used the account of an employee from the Indian IT giant Tata Consultancy Services, which has provided IT services to M&S for over a decade.
M&S has been left reeling by the cyber attack, which has seen its online clothing, homewares and beauty sales for more than six weeks. The retailer has already estimated it could wipe £300million off its annual profits.
Online has become an increasingly important to M&S – as for other retailers – and had more than 10 million “active” customers and over £1.3billion a year of sales.
READ MORE: Tesco confirms huge shake-up to opening hours across some UK supermarket storesREAD MORE: Over 800,000 families get up to £4,000 boost through HMRC scheme – check if you can claim
According to the BBC, the email is in broken English and includes a racist term. It was sent to Mr Machin and seven other executives. As well as bragging about infecting M&S’s IT systems with ransomware, they also claim to have stolen the private data of millions of customers.
A link in the email connects to a portal on the so-called darknet for DragonForce, the ransomware used in the attack. The hackers wrote: “let’s get the party started. Message us, we will make this fast and easy for us.” The message also appears to suggest the crooks may have details about M&S’s cyber insurance policy, saying “we know we can both help each other handsomely : ))”. M&S has said insurance should reduce the overall £300million hit. M&S has refused to say if the company has paid a ransom to the hackers.
M&S is among a wave of companies struck by ransomware – a form of malicious software designed to burrow into companies’ systems, steal commercially sensitive information, which is then locked, with crooks demanding their victims pay money before handing them the key. The Co-op and Harrods have also been hit recently. The gang has previously claimed the Co-op narrowly avoided being locked out of its own computer systems.
On May 21, M&S said it hoped to resume online sales “within weeks”. It also warned its operations could be out of action until as late as July, though it expected to begin resuming orders sooner than that.
The gang known as DragonForce has been implicated in the first two of those, but speculation is rife about who -or what -it is. While it seems to have first emerged up to two years, experts say they use operate in a similar way to others that specialise in creating ransomware
Another gang known as Scattered Spider -with members said to be aged as young as 16 -is said to have used DragonForce’s ransomware in the M&S attack. DragonForce’s rumoured link to Russia has been fuelled by the fact that a number of other ransomware attacks have been launched from the country in the past.
Other reports have linked DragonForce to a pro-Palestinian group located in Malaysia. There has also been speculation about the group’s motives, and that they could be political in some way.
READ MORE: Top Tech: Nintendo Switch 2 fans can save £185 with older OLED deal
