Marks & Spencer DragonForce ransomware (Scattered Spider, 2025)
Social-engineering of a third-party service desk gave Scattered Spider a domain administrator, which they used to deploy DragonForce ransomware on M&S's VMware ESXi estate at Easter 2025 — knocking out contactless payments, Click & Collect, and online ordering for over six weeks.
- Victim
- Marks & Spencer
- Loss
- $550.0M