The Growing Ransomware Crisis

Uploaded on 2025-05-14 in TECHNOLOGY--Resilience, NEWS-Cybersecurity News, FREE TO VIEW

The recent cyber attacks aimed at Marks & Spencer, the Co-op and Harrods have been in the news, but this is not just an issue for retailers, as hackers strike almost any firm, in any line of business, at any time and anywhere in the world. 

The reality for business leaders, and for investors, is that the risk is practically universal. FTSE 100 CEOs and entrepreneurs running small firms are living in fear that they will be next.

Cyber attacks have cost UK companies £44 billion in lost revenue over the past five years and have affected around 52% of firms. 

Some have called in former hostage negotiators, skilled in dealing with blackmailers and terrorists. Others have claimed on their insurance policies to pay ransom demands, fuelling concerns that the very existence of such cover encourages the criminal gangs. It seems that persistent criminals have no difficulty to find a way in through gaps in a company's cyber defences, such as the IT systems and serviced from a supplier. 

A hacking gang known as Scattered Spider has been attributed  responsibility for the attacks on Marks & Spencer  (M&S), Co-op and Harrods. The criminals that were involved launched the devastating assault over the Easter bank holiday, with serious and ongoing consequences for M&S. Senior management at M&S were reluctant to pay a ransom, as and when demands were made. Typically, this happens via the Dark Web and hackers demand payment in crypto currency. 

Experts have suggested that M&S exploit, now in its third week, is a classic 'ransomware' attack, where data systems are infiltrated, disabled and only unfrozen when a ransom is paid.

Customers have been unable to place orders via its website and app, warehouse staff have been sent home and the retailer's popular click-and-collect service remains suspended, though contactless payments in store have been restored. Even recruitment has been paused as fears grow that the cyber crisis could take months to resolve.
There are concerns that working from home could be a risk factor. According to M&S's latest annual report: 'The sophistication and frequency of cyber-attacks continue to increase' as the company operates 'a hybrid work model'.

Outsourcing IT by using contractors is also an issue. 'Our reliance on key third parties for selected services and/or hosting of data also exposes us to risks from vulnerabilities in their cyber and data controls.' M&S said in a statement.

  • The Co-op has admitted that hackers had been able to access a 'significant number' of its customers' personal data, including names and addresses, but not passwords or financial information such as credit card details of its 6.2 million members.
  • In November last year Co-op's rival Morrisons was hit by hackers who targeted its warehouse technology supplier Blue Yonder
  • The NHS, the Guardian newspaper and the British Library have also been subject to ransomware attacks, causing serious short-term disruption to their systems. In some cases, the damage is fatal.
  • Foreign exchange firm Travelex collapsed six months after a ransomware attack at the end of 2019. Administrators cited the incident as a key factor.

A recent British Government Report says that, 'For the serious and organised crime gangs behind the global fraud industry, ransomware is an increasingly lucrative part of their operations.' Ransomware attacks on UK firms 'significantly increased between 2024 and 2025', the report concludes, with an estimated 19,000 companies falling victim to a ransomware attack over that period. 

The UK National Cyber Security Centre (NCSC) reports that  76 per cent of UK businesses experienced a cyber security incident in the past year. Most were from lower-level 'phishing' attacks, where fake emails or websites are used to gain access to a user's password or credit card details to steal money.

The impact of ransomware attacks can be devastating and only 4% of organisations that pay-up recover all their data, and many take months to recover. The damaging consequence of an attack include:-

  • Financial Losses: Ransom demands can range from tens of thousands to millions of dollars or pounds. Even if the ransom is paid, the cost of recovery and disruption can be significant. 
  • Operational Disruptions: Ransomware can render systems unusable, leading to downtime and delays in business operations. 
  • Reputational Damage: A successful ransomware attack can damage a company's reputation and erode customer trust. 
  • Data Breaches: Ransomware attacks can expose sensitive data, leading to legal and financial liabilities. 

A critical question is whether companies are employing enough C level executives with sufficient expertise in cyber resilience field. The problem is that, however hard a business tries to secure its systems, it has to be watertight all of the time, whereas the hackers need only be lucky once.

Illumino  |    ThisIsMoney  |   CheckPoint  |    Gov.UK  |   N2W   |    ITPro

Image: Torsten Asmus

You Might Also Read: 

How Companies Can Manage Third-Party Vendor Risk:

If you like this website and use the comprehensive 8,000-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 




 

« Cyber Attacks Are Threatening The Survival Of Small Business

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

IONU Security

IONU Security

IONU offer a security platform focused specifically on providing Data-centric Security.

Talend

Talend

Talend is a leader in cloud and big data integration software. Applications include Risk and Compliance management.

Microsoft Security

Microsoft Security

Microsoft Security helps protect people and data against cyberthreats to give you peace of mind. Safeguard your people, data, and infrastructure.

CLUSIL

CLUSIL

CLUSIL is an association for the information security industry in Luxembourg.

Seric Systems

Seric Systems

Seric is a technology business specialising in security, infrastructure and data management.

Silensec

Silensec

Silensec is a management consulting, technology services and training company specialized in information security.

United Nations Office on Drugs & Crime (UNODC)

United Nations Office on Drugs & Crime (UNODC)

UNODC promotes long-term and sustainable capacity building in the fight against cybercrime through supporting national structures and action.

MagiQ Technologies

MagiQ Technologies

MagiQ produced the world’s first commercial quantum cryptography product that delivered advanced, future-proof network security.

QuoLab

QuoLab

QuoLab empowers security professionals to analyze, investigate and respond to threats within an integrated ecosystem.

Psybersafe

Psybersafe

Psybersafe is a hands-on, behaviour-changing training system that keeps your people and your business cyber safe.

Techstep

Techstep

Techstep is a complete mobile technology enabler, making positive changes to the world of work; freeing people to work more effectively, securely and sustainably.

Center for Information Security Awareness (CFISA)

Center for Information Security Awareness (CFISA)

CFISA was formed by a group of academics, security and fraud experts to explore ways to increase security awareness among audiences, including consumers, employees, businesses and law enforcement.

CYMAR

CYMAR

CYMAR The “CYBER” Smart Solution to offer sustainability and bring resilience to Global SMART Terminals and protect the supply chain of the World’s economy.

coc00n

coc00n

coc00n secures the devices of high-value and high-interest individuals against cyber attacks.

SOCRadar

SOCRadar

SOCRadar is an Extended Threat Intelligence (XTI) SaaS platform that combines External Attack Surface Management (EASM), Digital Risk Protection Services (DRPS), and Cyber Threat Intelligence (CTI).

CyVent

CyVent

CyVent helps you select the right cybersecurity solutions at the right price for your unique situation, without the need to invest endless time evaluating the ever-evolving options.