M&S thinks it might finally know what caused cyberattack - but still won't say if it paid a ransom

M&S chairman Archie Norman attributes recent ransomware attack to DragonForceLaw enforcement is still involved, and we don't know any ransom detailsNorman is calling for greater transparency and cyberattack reportingM&S is still refusing to confirm whether it paid a ransom following a recent major cyberattack, but at least we have an indication of its cause.It's believed the attack was carried out by DragonForce, a ransomware operation believed to be based in Asia or Russia – a separate group from hacktivists at the similarly-named DragonForce Malaysia.M&S chairman Archie Norman explained disclosing details of any ransom would not be in the public interest, given that law enforcement agencies are still involved with the case.M&S shares more information on attack"We’ve said that we are not discussing any of the details of our interaction with the threat actor," Norman, speaking at a UK Parliament heading on cyberattacks in the retail sector, stressed.We now know the initial breach occurred via social engineering, with the attacker impersonating an M&S worker and tricking a third party into resetting an employee's password.The Financial Times revealed just weeks after the cyberattack that Tata Consultancy Services, a third party that M&S uses to help manage help desk support could have been inadvertently tied up in the breach.Attackers threatened to leak the acquired data, but they also encrypted it from M&S in what's known as a double extortion attack. In May, M&S confirmed that names, birth dates, addresses, phone numbers, household information and order histories were all included.150GB of data was reportedly stolen before M&S shut down systems to prevent further spread, leading to delivery disruptions. Recovery efforts are still ongoing, with Norman expecting full recovery by October or November 2025.DragonForce has not posted M&S data, possibly implying that a ransom could have been paid or that negotiations are ongoing.Looking ahead, Norman is calling for more transparency around reporting cyberattacks: "We have reason to believe there've been two major cyberattacks on large British companies in the last four months which have gone unreported," he said.Via ReutersYou might also likeM&S online orders are back following cyberattack - here's what you need to knowEnhance protection by using the best authenticator appsWe've listed the bets firewall software