M&S hackers sent abuse and ransom demand directly to CEO | EUROtoday

Joe Tidy

Cyber correspondent, BBC World Service

An M&S storefront at night (Getty Images)

An abusive email sent by the Marks & Spencer hackers to the retailer’s boss, gloating about the hack and demanding payment, has been seen by the BBC.

The message to M&S CEO Stuart Machin – which was in broken English – was sent on 23 April from the hacker group known as DragonForce using the email account of an employee.

The email confirms for the first time that M&S has been hacked by the ransomware group – something that M&S has so far refused to acknowledge.

“We have marched the ways from China all the way to the UK and have mercilessly raped your company and encrypted all the servers,” the hackers wrote.

“The dragon wants to speak to you so please head over to [our darknet website].”

The extortion email was shown to the BBC by a cyber security expert.

The blackmail message, which includes the n-word, was sent to the M&S CEO and seven other executives.

As well as bragging about installing ransomware across the M&S IT system to render it useless, the hackers say they have stolen the private data of millions of customers.

Nearly three weeks later customers were informed by the company that their data may have been stolen.

The email was sent apparently using the account of an employee from the Indian IT giant Tata Consultancy Services (TCS) – which has provided IT services to M&S for over a decade.

The Indian IT worker based in London has an M&S email address but is a paid TCS employee.

It appears as if he himself was hacked in the attack.

TCS has previously said it is investigating whether it was the gateway for the cyber attack.

The company has told the BBC that the email was not sent from its system and that it has nothing to do with the breach at M&S.

M&S has declined to comment entirely.

‘We can both help each other’

A darknet link shared in the extortion email connects to a portal for DragonForce victims to begin negotiating the ransom fee. This is a further indication that the email is authentic.

Sharing the link, the hackers wrote: “let’s get the party started. Message us, we will make this fast and easy for us.”

The criminals also appear to have details about the company’s cyber insurance policy, saying “we know we can both help each other handsomely : ))”.

The M&S CEO has refused to say if the company has paid a ransom to the hackers.

DragonForce ended the email with an image of a dragon breathing fire.

This dragon image was appended to the hackers’ email, seen by the BBC

The email confirms for the first time the link between M&S’s hack and the ongoing Co-op cyber attack, which DragonForce have also claimed responsibility for.

The two hacks – which began in late April – have wrought havoc on the two retailers. Some Co-op shelves were left bare for weeks, while M&S expects its operations to be disrupted until July.

Although we now know that DragonForce is behind both, it is still not clear who the actual hackers are.

DragonForce offers cyber criminal affiliates various services on their darknet site in exchange for a 20% cut of any ransoms collected.

Anyone can sign up and use their malicious software to scramble a victim’s data or use their darknet website for their public extortion.

Nothing has appeared on the criminals’ darknet leak site about either Co-op or M&S but the hackers told the BBC last week that they were having IT issues of their own and would be posting information “very soon.”

Some researchers say DragonForce are based in Malaysia, while others say Russia. Their email to M&S implies that they are from China.

Speculation has been mounting that a loose collective of young western hackers known as Scattered Spider might be the affiliates behind the hacks and also one on Harrods.

Scattered Spider is not really a group in the normal sense of the word. It’s more of a community which organises across sites like Discord, Telegram and forums – hence the description “scattered” which was given to them by cyber security researchers at CrowdStrike.

Some Scattered Spider hackers are known to be teenagers in the US and UK.

The UK’s National Crime Agency said in a BBC documentary about the retail hacks that they are focusing investigations on the group.

The BBC spoke to the Co-op hackers who declined to answer whether or not they were Scattered Spider. “We won’t answer that question” is all they said.

Two of them said they wanted to be known as “Raymond Reddington” and “Dembe Zuma” after characters from US crime thriller The Blacklist which involves a wanted criminal helping police take down other criminals on a blacklist.

In a message to me, they boasted: “We’re putting UK retailers on the Blacklist.”

There have been a series of smaller cyber attacks on UK retailers since but none as impactful or disruptive as those on Co-op, M&S and Harrods.

In the early stages of the M&S hack, unknown sources told cyber news site Bleeping Computer that evidence is pointing to Scattered Spider.

The UK’s national cyber-crime unit has confirmed to the BBC that the group is one of their key suspects.

As for the hackers I spoke to on Telegram, they declined to answer whether or not they were Scattered Spider. “We won’t answer that question” is all they said.

https://www.bbc.com/news/articles/cr58pqjlnjlo