
The rise of Ransomware-as-a-Service and its impact on the M&S hack

Deploying ransomware attacks once required deep technical expertise, but Ransomware-as-a-Service (RaaS) has lowered the threshold for engaging in cybercrime. RaaS is a business model where hackers sell or lease ready-made ransomware tools to other criminals. The rise of RaaS has led to an increase in the frequency and scale of ransomware incidents, affecting organisations worldwide.

A notable recent example is the cyber-attack on Marks & Spencer (M&S), a major UK retailer. The attack, which occurred in early 2025, has been linked to a threat actor group called Scattered Spider, who used an illicit service called DragonForce. This service enables affiliates to rebrand the ransomware and keep a significant portion of the ransom, while DragonForce handles the technical aspects and infrastructure.

The attackers managed to encrypt critical data on M&S’s servers, disrupting both online and in-store operations. As a result, M&S had to pause online orders and extend delivery times, causing significant operational disruption. The breach also led to the theft of personal customer data, including names, addresses and contact details.

The attack was perpetrated by cybercriminals using ‘social engineering’ tactics. This involved hackers impersonating staff members to trick the IT helpdesk into revealing passwords / login credentials – in this case belonging to a third-party company that had access to M&S systems.

Call to Action:

  • For IT Professionals: Conduct regular security audits on your supply chain and enforce strong vulnerability management measures. Employee training on recognising phishing and other social engineering tactics is also crucial.
  • For Board Members: Prioritise cybersecurity as a key component of your business strategy. Allocate sufficient resources for cybersecurity initiatives and foster a culture of security awareness within the organisation. Regularly review and update your cybersecurity policies to address evolving threats.

The rise of RaaS has made it easier for cybercriminals to launch attacks, increasing the threat landscape for organisations. Crowe’s Forensic Services team works with organisations to improve their cyber resilience from a technical and governance standpoint.

Contact Daniel Sibthorpe for a no-obligation conversation around improving the cyber resilience of your organisation.
