Jamie MacColl comments on the Marks and Spencer cyber incident

"Marks and Spencer, one of the UK largest retailers, has been disrupted by a suspected ransomware attack for more than a week."

"The incident has disrupted online orders and contactless payments, which in turn will Marks and Spencer’s revenues and its reputation with customers. Mitigating the effects of the incident will also likely be creating significant stress for staff – not only IT staff attempting to recover key systems or data, but also shop floor workers having to deal with angry customers. Our prior research on ransomware has emphasised how incidents create cascading harms that not only affect the financial and reputational standing of companies, but also the psychological and physical wellbeing of staff."

"Although no criminal group has claimed responsibility for the attack so far, recent media reporting has linked it to Scattered Spider, a loose network of young, English-speaking cybercriminals from the US, Canada and UK. Unlike most cybercriminals, individuals associated with Scattered Spider activity care about status and prestige as much as money, and have largely gone after very large, high-profile victims such as MGM Resorts and Caesars casino in Las Vegas. For the time being, we should treat any attribution of the Marks and Spencer attack with some degree of scepticism."

Disorder podcast episode: Ep.110 Ransomware in our age of Disorder with Jamie MacColl

RUSI Occasional Paper: Ransomware: Victim Insights on Harms to Individuals, Organisations and Society

Commentaries
Organised Cybercrime: The Rise of Ransomware as a National Security Threat

Beyond the Bottom Line: The Societal Impact of Ransomware