The Growing Ransomware Crisis

Uploaded on 2025-05-14 in TECHNOLOGY--Resilience, NEWS-Cybersecurity News, FREE TO VIEW

The recent cyber attacks aimed at Marks & Spencer, the Co-op and Harrods have been in the news, but this is not just an issue for retailers, as hackers strike almost any firm, in any line of business, at any time and anywhere in the world. 

The reality for business leaders, and for investors, is that the risk is practically universal. FTSE 100 CEOs and entrepreneurs running small firms are living in fear that they will be next.

Cyber attacks have cost UK companies £44 billion in lost revenue over the past five years and have affected around 52% of firms. 

Some have called in former hostage negotiators, skilled in dealing with blackmailers and terrorists. Others have claimed on their insurance policies to pay ransom demands, fuelling concerns that the very existence of such cover encourages the criminal gangs. It seems that persistent criminals have no difficulty to find a way in through gaps in a company's cyber defences, such as the IT systems and serviced from a supplier. 

A hacking gang known as Scattered Spider has been attributed  responsibility for the attacks on Marks & Spencer  (M&S), Co-op and Harrods. The criminals that were involved launched the devastating assault over the Easter bank holiday, with serious and ongoing consequences for M&S. Senior management at M&S were reluctant to pay a ransom, as and when demands were made. Typically, this happens via the Dark Web and hackers demand payment in crypto currency. 

Experts have suggested that M&S exploit, now in its third week, is a classic 'ransomware' attack, where data systems are infiltrated, disabled and only unfrozen when a ransom is paid.

Customers have been unable to place orders via its website and app, warehouse staff have been sent home and the retailer's popular click-and-collect service remains suspended, though contactless payments in store have been restored. Even recruitment has been paused as fears grow that the cyber crisis could take months to resolve.
There are concerns that working from home could be a risk factor. According to M&S's latest annual report: 'The sophistication and frequency of cyber-attacks continue to increase' as the company operates 'a hybrid work model'.

Outsourcing IT by using contractors is also an issue. 'Our reliance on key third parties for selected services and/or hosting of data also exposes us to risks from vulnerabilities in their cyber and data controls.' M&S said in a statement.

  • The Co-op has admitted that hackers had been able to access a 'significant number' of its customers' personal data, including names and addresses, but not passwords or financial information such as credit card details of its 6.2 million members.
  • In November last year Co-op's rival Morrisons was hit by hackers who targeted its warehouse technology supplier Blue Yonder
  • The NHS, the Guardian newspaper and the British Library have also been subject to ransomware attacks, causing serious short-term disruption to their systems. In some cases, the damage is fatal.
  • Foreign exchange firm Travelex collapsed six months after a ransomware attack at the end of 2019. Administrators cited the incident as a key factor.

A recent British Government Report says that, 'For the serious and organised crime gangs behind the global fraud industry, ransomware is an increasingly lucrative part of their operations.' Ransomware attacks on UK firms 'significantly increased between 2024 and 2025', the report concludes, with an estimated 19,000 companies falling victim to a ransomware attack over that period. 

The UK National Cyber Security Centre (NCSC) reports that  76 per cent of UK businesses experienced a cyber security incident in the past year. Most were from lower-level 'phishing' attacks, where fake emails or websites are used to gain access to a user's password or credit card details to steal money.

The impact of ransomware attacks can be devastating and only 4% of organisations that pay-up recover all their data, and many take months to recover. The damaging consequence of an attack include:-

  • Financial Losses: Ransom demands can range from tens of thousands to millions of dollars or pounds. Even if the ransom is paid, the cost of recovery and disruption can be significant. 
  • Operational Disruptions: Ransomware can render systems unusable, leading to downtime and delays in business operations. 
  • Reputational Damage: A successful ransomware attack can damage a company's reputation and erode customer trust. 
  • Data Breaches: Ransomware attacks can expose sensitive data, leading to legal and financial liabilities. 

A critical question is whether companies are employing enough C level executives with sufficient expertise in cyber resilience field. The problem is that, however hard a business tries to secure its systems, it has to be watertight all of the time, whereas the hackers need only be lucky once.

Illumino  |    ThisIsMoney  |   CheckPoint  |    Gov.UK  |   N2W   |    ITPro

Image: Torsten Asmus

You Might Also Read: 

How Companies Can Manage Third-Party Vendor Risk:

If you like this website and use the comprehensive 8,000-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 




 

« Cyber Attacks Are Threatening The Survival Of Small Business
Evolving The CISO Role »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

Tines

Tines

The Tines security automation platform helps security teams automate manual tasks, making them more effective and efficient.

HANDD Business Solutions

HANDD Business Solutions

HANDD are independent specialists in data protection with expertise at every stage of the Protect, Detect and Respond cycle, from consultancy and design, right through to installation.

ThreatConnect

ThreatConnect

ThreatConnect is an enterprise threat intelligence platform by Cyber Squared bridging incident response, defense, and threat analysis for InfoSec & DFIR teams.

Mocana

Mocana

Mocana provides a software platform that allows you to develop, test and distribute more secure IoT devices and services.

IPCopper

IPCopper

IPCopper specializes in network packet capture appliances for cybersecurity, cybersurveillance and network monitoring, and encrypted data storage.

App-Ray

App-Ray

App-Ray provides fully automated security analysis of mobile applications to find security issues, privacy breaches and data leaking potentials.

Celare

Celare

Celare delivers DPI based network perimeter monitoring solutions with integrated Big Data security analytics and threat detection.

Quorum Cyber

Quorum Cyber

Quorum Cyber offer end-to-end cyber security solutions, specialising in Managed Security Services, Consulting and Resourcing.

WISeKey

WISeKey

WISeKey is a leading cybersecurity company currently deploying large scale digital identity ecosystems for people and objects using Blockchain, AI and IoT.

Zen360Consult

Zen360Consult

Zen360Consult provides Advisory and Training services in the field of Cyber Resilience, which includes Cyber Security /ISMS and Business Continuity.

Level Effect

Level Effect

Level Effect is developing new capabilities to bring a unique perspective on proactive network defense and advanced security analytics.

Digital Identification & Authentication Council of Canada (DIACC)

Digital Identification & Authentication Council of Canada (DIACC)

DIACC is a non-profit coalition of public and private sector leaders committed to developing a Canadian framework for digital identification and authentication.

Identity Management Institute (IMI)

Identity Management Institute (IMI)

Identity Management Institute (IMI) provides professional training and certification in cyber security with a focus on identity and access management, identity theft, and data protection.

Secrutiny

Secrutiny

Scrutiny's core services include Cyber Maturity, Cyber Risk Analyser, Cyber Controls, Incident Response, SOC, Cyber Recovery and Assurance Testing.

Anch.AI

Anch.AI

Anch.AI is an Ethical AI Governance platform that helps you comply with EU regulations and avoid risks and penalties when developing and using AI as part of your business.

Tychon

Tychon

Tychon develops advanced enterprise endpoint management technology that enables commercial and government organizations to bridge the gap between security and IT operations.

SiyanoAV

SiyanoAV

SiyanoAV's range of antivirus products delivers strong protection against various cyber threats, including malware, ransomware, phishing schemes, and beyond.