The Growing Ransomware Crisis

Uploaded on 2025-05-14 in TECHNOLOGY--Resilience, NEWS-Cybersecurity News, FREE TO VIEW

The recent cyber attacks aimed at Marks & Spencer, the Co-op and Harrods have been in the news, but this is not just an issue for retailers, as hackers strike almost any firm, in any line of business, at any time and anywhere in the world. 

The reality for business leaders, and for investors, is that the risk is practically universal. FTSE 100 CEOs and entrepreneurs running small firms are living in fear that they will be next.

Cyber attacks have cost UK companies £44 billion in lost revenue over the past five years and have affected around 52% of firms. 

Some have called in former hostage negotiators, skilled in dealing with blackmailers and terrorists. Others have claimed on their insurance policies to pay ransom demands, fuelling concerns that the very existence of such cover encourages the criminal gangs. It seems that persistent criminals have no difficulty to find a way in through gaps in a company's cyber defences, such as the IT systems and serviced from a supplier. 

A hacking gang known as Scattered Spider has been attributed  responsibility for the attacks on Marks & Spencer  (M&S), Co-op and Harrods. The criminals that were involved launched the devastating assault over the Easter bank holiday, with serious and ongoing consequences for M&S. Senior management at M&S were reluctant to pay a ransom, as and when demands were made. Typically, this happens via the Dark Web and hackers demand payment in crypto currency. 

Experts have suggested that M&S exploit, now in its third week, is a classic 'ransomware' attack, where data systems are infiltrated, disabled and only unfrozen when a ransom is paid.

Customers have been unable to place orders via its website and app, warehouse staff have been sent home and the retailer's popular click-and-collect service remains suspended, though contactless payments in store have been restored. Even recruitment has been paused as fears grow that the cyber crisis could take months to resolve.
There are concerns that working from home could be a risk factor. According to M&S's latest annual report: 'The sophistication and frequency of cyber-attacks continue to increase' as the company operates 'a hybrid work model'.

Outsourcing IT by using contractors is also an issue. 'Our reliance on key third parties for selected services and/or hosting of data also exposes us to risks from vulnerabilities in their cyber and data controls.' M&S said in a statement.

  • The Co-op has admitted that hackers had been able to access a 'significant number' of its customers' personal data, including names and addresses, but not passwords or financial information such as credit card details of its 6.2 million members.
  • In November last year Co-op's rival Morrisons was hit by hackers who targeted its warehouse technology supplier Blue Yonder
  • The NHS, the Guardian newspaper and the British Library have also been subject to ransomware attacks, causing serious short-term disruption to their systems. In some cases, the damage is fatal.
  • Foreign exchange firm Travelex collapsed six months after a ransomware attack at the end of 2019. Administrators cited the incident as a key factor.

A recent British Government Report says that, 'For the serious and organised crime gangs behind the global fraud industry, ransomware is an increasingly lucrative part of their operations.' Ransomware attacks on UK firms 'significantly increased between 2024 and 2025', the report concludes, with an estimated 19,000 companies falling victim to a ransomware attack over that period. 

The UK National Cyber Security Centre (NCSC) reports that  76 per cent of UK businesses experienced a cyber security incident in the past year. Most were from lower-level 'phishing' attacks, where fake emails or websites are used to gain access to a user's password or credit card details to steal money.

The impact of ransomware attacks can be devastating and only 4% of organisations that pay-up recover all their data, and many take months to recover. The damaging consequence of an attack include:-

  • Financial Losses: Ransom demands can range from tens of thousands to millions of dollars or pounds. Even if the ransom is paid, the cost of recovery and disruption can be significant. 
  • Operational Disruptions: Ransomware can render systems unusable, leading to downtime and delays in business operations. 
  • Reputational Damage: A successful ransomware attack can damage a company's reputation and erode customer trust. 
  • Data Breaches: Ransomware attacks can expose sensitive data, leading to legal and financial liabilities. 

A critical question is whether companies are employing enough C level executives with sufficient expertise in cyber resilience field. The problem is that, however hard a business tries to secure its systems, it has to be watertight all of the time, whereas the hackers need only be lucky once.

Illumino  |    ThisIsMoney  |   CheckPoint  |    Gov.UK  |   N2W   |    ITPro

Image: Torsten Asmus

You Might Also Read: 

How Companies Can Manage Third-Party Vendor Risk:

If you like this website and use the comprehensive 8,000-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 




 

« Cyber Attacks Are Threatening The Survival Of Small Business
Evolving The CISO Role »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 8,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

European Defence Agency (EDA)

European Defence Agency (EDA)

EDAs mission is to improve European defence capabilities. Programme areas include Cyber Defence.

QATestLab

QATestLab

QATestLab is a leading International software testing company offering a full range of software testing services including security testing.

Ilex International

Ilex International

Ilex International is a European software vendor which specialises in Identity & Access Management solutions.

STMicroelectronics

STMicroelectronics

ST is a global semiconductor leader delivering intelligent and energy-efficient products and solutions that power the electronics at the heart of everyday life.

Swedish Civil Contingencies Agency (MSB)

Swedish Civil Contingencies Agency (MSB)

MSB's Information Assurance Department is responsible for supporting and coordinating work relating to Sweden's national societal information security.

MailXaminer

MailXaminer

MailXaminer is an advance and powerful email investigation platform that scans digital data, performs analysis, reports on findings and preserves them in a court validated format.

Elpha Secure

Elpha Secure

Elpha Secure provides a comprehensive cybersecurity solution, combining technology and insurance to protect against cyber threats.

Cyber Risk Institute (CRI)

Cyber Risk Institute (CRI)

CRI is a not-for-profit coalition of financial institutions and trade associations working to protect the global economy by enhancing cybersecurity and resiliency through standardization.

CyberEdBoard

CyberEdBoard

CyberEdBoard is a private, peer-to-peer education and networking community focused on cybersecurity, technology, business processes and risk management.

Hunton Andrews Kurth

Hunton Andrews Kurth

Hunton Andrews Kurth LLP serves clients across a broad range of complex transactional, litigation and regulatory matters. Practice areas include Privacy and Cybersecurity.

Dhound

Dhound

Dhound is a cybersecurity company providing web application penetration testing.

Conquest Cyber

Conquest Cyber

Conquest Cyber builds adaptive risk management programs where innovation is most needed – within defense, intelligence, federal civilian agencies and the industrial base that supports them.

GM Sectec

GM Sectec

GM Sectec is the world's largest independent Cyber Defense and Fraud Prevention firm laser focused on payment security.

Federal Bureau of Investigation (FBI) - USA

Federal Bureau of Investigation (FBI) - USA

The mission of the FBI is to protect and defend against intelligence threats, uphold and enforce criminal laws, and provide criminal justice services.

Nexio

Nexio

We are Nexio. We help organisations take every NEXT step toward their accelerated digital transformation.

Cyscomply

Cyscomply

Cyscomply is an AI-powered self-assessment platform to identify gaps, benchmark against global standards and take the right action. You can assess against NIST CSF, DORA, ISO 27001, NIST 800-171.