'they Wanted $4m': Lessons For M&s From Other Cyber Attacks

As Marks & Spencer (M&S) - and its customers - proceed to reel from a awesome cyber attack, different group who person gone done akin experiences person been sharing what it is for illustration to beryllium targeted by hackers.

"It was an absolute nightmare", says Sir Dan Moynihan. He is nan Senior Executive Principal and Chief Executive of nan Harris Federation, a group of 55 schools successful nan London and Essex area.

It was hacked successful 2021 - Sir Dan told nan Today programme, connected BBC Radio 4, that nan culprits were nan Russian ransomware crime group REvil.

"Their intent was to blackmail america into paying 4 cardinal dollars successful cryptocurrency wrong 10 days," he said.

"If we didn't salary successful 10 days, they wanted 8 million."

The hack caused chaos. Sir Dan said nan group mislaid school materials, instruction plans and registration systems.

More importantly, they besides mislaid aesculapian records and moreover nan occurrence and telephone systems were affected.

The finances of nan schoolhouse group were hit. Staff, and bills, were near unpaid.

M&S has besides been targeted pinch ransomware - malicious package which locks an proprietor retired of their machine aliases web and scrambles their data.

The criminals past request a interest to unlock it. Sir Dan says it was a request he resisted.

Instead, nan schoolhouse group approached a patient of cyber specialists who employed a hostage negotiator. That individual past took connected nan domiciled of an inexperienced schoolhouse bursar - an administrator - who pretended to not cognize what was going on.

They took up negotiations pinch nan hackers, pinch nan intent of delaying them for arsenic agelong arsenic imaginable truthful nan schoolhouse group could rebuild its systems.

"The Russians had stolen information from america - they didn't show america what - and they threatened to put this worldly up connected nan acheronian web and origin america awesome embarrassment, and secondly they would fastener down our systems."

Sir Dan said it took nan Harris Federation 3 months to get everything moving again, astatine nan costs of £750,000. Among nan activity was 30,000 devices that needed to beryllium "cleaned" pursuing nan hack.

Was location ever a mobility of giving nan criminals what they wanted? Never, said nan schoolhouse group boss.

"The money we person is for disadvantaged young people, and secondly had we paid we would person opened nan doorway for different schoolhouse groups to beryllium attacked."

It is not known whether akin scenes are playing retired down nan scenes astatine M&S, arsenic nan institution has only issued constricted accusation successful its charismatic statements, and has not put anyone up for interview.

But group claiming to activity for nan retailer person fixed a consciousness of nan chaos connected societal media.

On Reddit, users who identified themselves arsenic M&S workers, thing nan BBC has not verified, described nan effect of nan cyber attack

One wrote that astir soul systems had been affected and that location had been experiments pinch "resuming operations manually pinch insubstantial and pen".

Another poster said caput agency unit were moving weekends, and that nan problems were "like going backmost successful time".

While immoderate reported shortfalls successful equipment coming in, others described oversupply of immoderate items, which meant nutrient went to discarded - pinch 1 saying they had to move distant aggregate pints of milk.

What is clear is different companies are watching what's happening closely, moreover much truthful since different retailer, nan Co-op, unopen down immoderate of its IT systems this week in consequence to a abstracted cyber attack.

"We're patching for illustration mad," is what 1 retailer told nan BBC.

In different words, they are making judge each portion of strategy has nan astir up-to-date package and protections.

Sir Charlie Mayfield, nan erstwhile president of John Lewis, said different firms understood only excessively good really susceptible they were.

"Online shopping has wholly transformed unit - arsenic exertion becomes much pervasive, nan consequence of this benignant of onslaught rises pinch it," he told nan BBC.

According to nan cyber information breaches survey, conducted by nan UK government, 74% of ample businesses said they were targeted pinch cyber attacks past year.

The acquisition of being hacked tin beryllium a difficult 1 for individuals caught successful nan disruption.

Wedding dress designer Catherine Deane said it was "devastating" erstwhile her company's Instagram relationship was hacked.

"It felt for illustration nan rug had been pulled from nether us. Instagram is our superior societal platform, and we've invested nan astir magnitude of clip and business resources into it.

"To support nan relationship existent we station contented each day. Suddenly each this work… it was conscionable pulled."

She told nan BBC past month of nan trouble of fixing nan problem pinch Meta, nan proprietor of Instagram, describing that expereince arsenic "almost traumatising".

In June past year, unit astatine hospitals successful London told of really they were near grappling pinch nan aftermath of a cyber onslaught that led to galore hours of other activity for their staff.

A captious incident was declared aft nan ransomware onslaught targeted nan services provided by pathology patient Synnovis.

Services including humor transfusions were severely disrupted astatine Guy's and St Thomas' Hospital and King's College Hospital (KCH).

Dr Anneliese Rigby, a advisor anaesthetist astatine KCH, told nan BBC: "So what nan labs are having to do is person nan humor sample, manually process that, which is simply a long, time-consuming process requiring a batch of unit which we don't person truthful we're having to get other group to thief pinch that."

It seems apt location will still beryllium galore difficult days up of M&S.

Additional reporting by Zoe Kleinman, Chris Vallance, Joe Tidy and Tom Gerken