Skip to content
Redstor Logo
Request Pricing Get In Touch

Hit enter to search or ESC to close

Top searches

M&S is in chaos. In the space of a week, a cyberattack has wiped more than £700 million off the company’s stock market valuation. Contactless payments have been halted, Click & Collect orders paused, and online orders suspended until further notice.

The fallout highlights the devastating consequences that businesses can face in the modern digital landscape. Companies that lack adequate cyber resilience are only ever one mistake away from catastrophe. The damage can take years to recover from. Many businesses never recover at all.

What caused the M&S cyberattack?

Reports suggest that the perpetrator of the hack is ‘Scattered Spider’, a ransomware group renowned for its social engineering and phishing attacks. The M&S incident is believed to be a ransomware attack that used the DragonForce encryptor to cripple the company's virtual machines.

The initial breach reportedly occurred back in February, when Scattered Spider gained access to M&S’s NTDS.dit file – the main Windows database for Active Directory Services. Among the group’s former victims is MGM Resorts, which was hit by a social engineering attack when hackers impersonated an employee calling the company's IT help desk. It remains unclear how the group gained access to the NTDS.dit file in this instance.

What happens next?

There is no indication of when M&S will restore normal operations. If ransomware has been deployed as reported, the company will be facing up to the possibility of paying a ransom to regain access to its servers. However, the evidence suggests that even paying the ransom demand offers no guarantee that M&S will get all its data back. The longer the delay persists, the worse the consequences.

Customers will also have to remain vigilant over the coming weeks. If customer data has been accessed during the attack, phishing emails are likely to follow. Furthermore, people should monitor their online accounts and bank statements for suspicious activity.

How can cyberattacks be prevented?

As businesses assess how to protect themselves in the wake of the M&S incident, it’s clear that robust backup and recovery solutions are essential. Redstor's cloud-first data protection solutions are specifically designed to address the challenges presented by ransomware attacks:

  • Immutable, air-gapped backups: Storing backups in a secure, isolated environment prevents unauthorised access and ensures data integrity, even if primary systems are compromised. ​
  • InstantData™ Technology: This feature allows for immediate access to backup data, enabling businesses to restore operations swiftly without waiting for full data recovery.
  • Malware detection: Redstor uses advanced software to detect and remove malware from backups, ensuring that restored data is clean and safe.
  • Comprehensive data coverage: Redstor provides protection across various platforms, including Microsoft 365, Azure VMs, Entra ID, and Google Workspace, to safeguard critical data.

Protect your business today

The M&S incident highlights the necessity for organisations to adopt proactive cyber security measures. Implementing Redstor's backup and recovery solutions can help businesses:​

  • Ensure business continuity: By enabling rapid data recovery, companies can maintain operations even during cyber incidents.​
  • Avoid ransom payments: With secure backups, businesses can restore data without succumbing to ransom demands.​
  • Maintain customer trust: Swift recovery minimises service disruptions, preserving customer confidence and brand reputation.

Don’t let data loss be your downfall. Get in touch today to learn how Redstor can help secure your business’s future.