LONDON (Reuters) — British retailer Marks & Spencer (MKS.L) thinks the ransomware operation behind the April breach, which caused it to cease online shopping for nearly seven weeks, was carried out by a group known as “DragonForce,” its chairman said on Tuesday.

Archie Norman informed members of parliament’s Business and Trade Committee that “loosely aligned parties” collaborated on the cyberattack.

“We believe in this case there was the instigator of the attack and then, believed to be DragonForce, who were a ransomware operation based, we believe, in Asia.”

Scattered Spider, a hacker gang that uses DragonForce ransomware, had previously been linked to the attack in media reports.

“When this happens, you don’t know who the attacker is, and in fact, they never send you a letter signed Scattered Spider, that doesn’t happen,” Norman said.

He said M&S did not hear from the threat actor for nearly a week after it breached the retailer’s systems.

As part of its response to the intrusion, M&S halted online clothes orders and took other systems offline. This lowered food availability and increased waste and logistical expenses.

In May, M&S stated that the attack would cost the company around 300 million pounds ($409 million) in lost operating profit.

After a 46-day suspension, the firm resumed taking online orders for apparel lines on June 10, but click-and-collect services have yet to be restored.

Last week, M&S CEO Stuart Machin assured investors that the company would be past the worst of the fallout from the attack by August.