CyberSecurityBoard
Sponsor Register Login

DragonForce Ransomware Hits Harrods, Marks and Spencer, Co-Op & Other UK Retailers

The UK’s National Cyber Security Centre has urged all retailers to strengthen their cybersecurity measures and advised consumers to monitor banking activities and update passwords. Cyber Security News is a Dedicated News Platform For Cyber News, Cyber Attack News, Hacking News & Vulnerability Analysis. These attacks have caused significant operational disruptions and financial losses, marking one of the most substantial cyber campaigns against British retail in recent history. As these attacks continue to unfold, they serve as a stark reminder of the evolving threat landscape and the critical importance of robust cybersecurity practices for all organizations, particularly those handling sensitive customer data. Internal communications revealed Co-op employees were instructed to keep cameras active during Teams meetings and verify participant identities, suggesting attackers had breached internal communication channels. This move positions DragonForce as a “Ransomware Cartel,” providing infrastructure and malware while affiliates conduct operations. Kaaviya is a Security Editor and fellow reporter with Cyber Security News. The attackers deployed the DragonForce encryptor against M&S’s VMware ESXi hosts, encrypting virtual machines supporting e-commerce and payment processing systems. The Co-op Group confirmed on May 2nd that hackers had accessed and extracted customer data, including names and contact information of Co-op members. Harrods announced on May 1st that its systems had also been targeted, though the luxury retailer acted swiftly to contain the breach, limiting internet access at its locations as a precautionary measure. In early 2025, DragonForce introduced a “white-label” service allowing affiliates to disguise attacks under different ransomware brands. The group’s ransomware uses strong encryption algorithms including AES-256 and RSA, with newer variants employing the ChaCha8 algorithm for faster encryption. She is covering various cyber security incidents happening in the Cyber Space. The malware attempts to escalate access to SYSTEM-level by exploiting Access Token Manipulation, using DuplicateTokenEx() and CreateProcessWithTokenW() functions. The group has been linked to exploiting several CVEs, including the notorious Log4Shell vulnerability (CVE-2021-44228). This led to a five-day suspension of online sales, resulting in estimated daily losses of £3.8 million and a market value drop exceeding £500 million.

This Cyber News was published on cybersecuritynews.com. Publication date: Tue, 06 May 2025 13:30:18 +0000


Cyber News related to DragonForce Ransomware Hits Harrods, Marks and Spencer, Co-Op & Other UK Retailers

10 Best Ransomware Protection Tools - 2025 - It protects devices from ransomware and other cyber threats using advanced threat intelligence, behavioral analysis, and cloud-based technology. It monitors and prevents ransomware assaults on personal files and automatically restores encrypted ...
2 months ago Cybersecuritynews.com
10 Best Ransomware File Decryptor Tools in 2025 - Kaspersky Rakhni Decryptor contains different decryption tools based on various versions of Rakhni ransomware and helps you decrypt encrypted files on your system. PyLocky Ransomware Decryption Tool is a free and open source developed and released by ...
1 month ago Cybersecuritynews.com
Major Retail Chains Suffer Data Breaches Amid Rising Cyber Threats to Consumer Trust - These incidents, occurring amid a 52% year-over-year rise in retail cyber vulnerabilities according to a 2025 survey, highlight the escalating risks facing an industry that processes billions of sensitive customer transactions annually. At M&S, ...
1 week ago Cybersecuritynews.com Hunters Scattered Spider
DragonForce Ransomware Hits Harrods, Marks and Spencer, Co-Op & Other UK Retailers - The UK’s National Cyber Security Centre has urged all retailers to strengthen their cybersecurity measures and advised consumers to monitor banking activities and update passwords. Cyber Security News is a Dedicated News Platform For Cyber ...
2 weeks ago Cybersecuritynews.com CVE-2021-44228 Dragonforce
Harrods the next UK retailer targeted in a cyberattack - In a statement shared with BleepingComputer, Harrods says threat actors recently attempted to hack into their systems, causing the company to restrict access to sites. However, an internal email sent by Chief Digital and Information Officer Rob ...
3 weeks ago Bleepingcomputer.com Dragonforce Scattered Spider
Harrods the next UK retailer targeted in a cyberattack - In a statement shared with BleepingComputer, Harrods says threat actors recently attempted to hack into their systems, causing the company to restrict access to sites. However, an internal email sent by Chief Digital and Information Officer Rob ...
3 weeks ago Bleepingcomputer.com Scattered Spider Dragonforce
Harrods becomes latest retailer to announce attempted cyberattack | The Record from Recorded Future News - Responding to unconfirmed reports that Marks & Spencer was impacted by a ransomware attack — something the committee has complained the government isn’t doing enough to address – Western said: “Ransomware is a real and growing threat to ...
2 weeks ago Therecord.media
UK shares security tips after major retail cyberattacks - However, BleepingComputer has learned that both the M&S and Co-op attacks have been attributed to hackers utilizing tactics commonly associated with Scattered Spider, Lapsus$, and other threat actors who frequent the same Telegram channels, ...
2 weeks ago Bleepingcomputer.com Scattered Spider LAPSUS$ Dragonforce
CVE-2021-36845 - Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities in YITH Maintenance Mode (WordPress plugin) versions < 1.3.8, there are 46 vulnerable parameters that were missed by the vendor while patching the 1.3.7 version to 1.3.8. ...
3 years ago
Harrods Store Hit by Cyber Attack Following Marks & Spencer and Co-op - Harrods issued a statement on Friday morning, acknowledging that its systems were compromised in a “targeted cyber incident.” The store assured customers that its operations remain unaffected, with its physical and online stores ...
2 weeks ago Cybersecuritynews.com
Marks & Spencer confirms a cyberattack as customers face delayed orders - "Marks and Spencer Group plc (the Company, or M&S) has been managing a cyber incident over the past few days," reads the M&S statement. Marks & Spencer (M&S) has disclosed that it is responding to a cyberattack over the past few days ...
4 weeks ago Bleepingcomputer.com
DragonForce Ransomware Gang Prompts Ohio Lottery to Shut Down - On 25 December 2023, the Ohio Lottery faced a major cyberattack, as a result, they had to shut down some crucial systems related to the undisclosed internal application. The threat actors behind the breach are the DragonForce ransomware group. While ...
1 year ago Cysecurity.news Dragonforce
Hive Ransomware: A Detailed Analysis - This past week, on January 26th, to be exact, the FBI successfully shut down the Hive ransomware group and saved victims over a hundred million dollars in ransom payments and remediation costs. As ransomware continues to be a national security threat ...
2 years ago Heimdalsecurity.com LockBit
DragonForce - The Rise of a Hybrid Cyber Threat in The Ransomware Landscape of 2025 - This opportunistic expansion coincides with a historic surge in global ransomware activity, with Check Point’s State of Ransomware Q1 2025 report documenting 2,289 publicly named ransomware victims in just the first quarter – representing ...
2 weeks ago Cybersecuritynews.com Dragonforce Ransomhub
Marks & Spencer pauses online orders after cyberattack - On Wednesday, M&S also informed customers that the cyberattack disrupted some of its services, including contactless payments and Click & Collect orders in stores, and it was also causing delays in online order delivery. M&S first ...
3 weeks ago Bleepingcomputer.com
Medusa Ransomware Turning Your Files into Stone - Unit 42 Threat Intelligence analysts have noticed an escalation in Medusa ransomware activities and a shift in tactics toward extortion, characterized by the introduction in early 2023 of their dedicated leak site called the Medusa Blog. The Unit 42 ...
1 year ago Unit42.paloaltonetworks.com Medusa
Ransomware Groups Allegedly Breach IT Networks, Stealing Data from UK Retailers - A notorious ransomware group dubbed DragonForce has claimed responsibility for a series of cyber attacks targeting major UK retailers, with Co-op now confirming a significant data breach affecting its membership database. In response to these ...
2 weeks ago Cybersecuritynews.com Dragonforce
Ransomware Roundup - The Ransomware Roundup report aims to provide readers with brief insights into the evolving ransomware landscape and the Fortinet solutions that protect against those variants. This edition of the Ransomware Roundup covers the 8base ransomware. 8base ...
1 year ago Feeds.fortinet.com 8base
The Top 10 Ransomware Groups of 2023 - This article takes an in-depth look at the rise in ransomware attacks over the past year and the criminal groups driving the surge in cyber extortion. LockBit has established itself as one of the most notorious ransomware operations since emerging on ...
1 year ago Securityboulevard.com TA505 8base LockBit BianLian Medusa Noescape Black Basta
Ransomware's Impact May Include Heart Attacks, Strokes & PTSD - First-order harms: Direct targets of ransomware attacks. The increasing convergence of IT and OT leave physical infrastructures more vulnerable to ransomware, even though most ransomware operators lack the capability to directly compromise OT or ...
1 year ago Techrepublic.com
Hackers behind UK retail attacks now targeting US companies - Scattered Spider (also tracked as 0ktapus, UNC3944, Scatter Swine, Starfraud, and Muddled Libra) is a term used to describe a fluid collective of threat actors known for breaching many high-profile organizations worldwide in sophisticated ...
1 week ago Bleepingcomputer.com Scattered Spider Dragonforce
UK Legal Aid Agency investigates cybersecurity incident - The Legal Aid Agency (LAA), an executive agency of the UK's Ministry of Justice that oversees billions in legal funding, warned law firms of a security incident and said the attackers might have accessed financial information. The UK National Crime ...
2 weeks ago Bleepingcomputer.com Dragonforce
Ransomware trends and recovery strategies companies should know - Ransomware attacks can have severe consequences, causing financial losses, reputational damage, and operational disruptions. The methods used to deliver ransomware vary, including phishing emails, malicious websites, and exploiting vulnerabilities in ...
1 year ago Helpnetsecurity.com
Ransomware Roundup - On a bi-weekly basis, FortiGuard Labs gathers data on ransomware variants of interest that have been gaining traction within our datasets and the OSINT community. The Ransomware Roundup report aims to provide readers with brief insights into the ...
1 year ago Feeds.fortinet.com
Key Group uses leaked builders of ransomware and wipers | Securelist - The first discovered sample of Key Group, the Xorist ransomware, established persistence in the system by changing file extension associations. The .huis_bn extension added to encrypted files in the early versions of Key Group samples, Xorist and ...
7 months ago Securelist.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)