Cyber Correspondent, BBC World Service
Getty photographsThe Retailer's boss by Marx and Spencer hackers has been seen by the BBC, a derogatory electronic mail, explaining the hack and demanding cost to the retailer.
Message to M&S CEO Stuart Machin – which was in damaged English – was despatched on 23 April from a hacker group referred to as Dragonforce utilizing an worker's electronic mail account.
Email first confirms that M&S has been hacked by the ransomware group – one thing that M&S has refused to just accept thus far.
Hackers wrote, “We have marched from China to the UK and have mercilessly raped and encrypted all the servers.”
“Dragon wants to talk to you so please go to the head [our darknet website],
The BBC was shown forcible recovery email by a cyber security expert.
The blackmail message, which includes N-word, was sent to M&S CEO and seven other officials.
Also, along with setting up ransomware in M&S IT system to use it, hackers say that they have stolen private data of millions of customers.
About three weeks later Customers knowledgeable By the corporate that their information could also be stolen.
Email was clearly sent using an employee account of an employee of Indian IT veteran Tata Consultancy Services (TCS) – which has provided IT services to M&S for more than a decade.
The Indian IT worker based in London has an M&S Email address, but is a payment TCS employee.
It seems as if he himself was hacked into the attack.
TCS has stated earlier This is investigating Was it the doorway to the cyber assault.
The company has told the BBC that the email was not sent from its system and has nothing to do with violation in M&S.
M&S has refused to comment completely.
'We can help each other'
A darkness link shared in the email connects a portal for the dragonforce victims to initiate a ransom fee. It is further indicated that email is authentic.
Link sharing – Hackers wrote: “Let's begin the occasion. Give us the message, we are going to make it simpler and simple for us.”
Criminals also see details about the company's cyber insurance policy, “We know that each of us can assist one another :))”.
M&S CEO is Refused to say If the corporate has given ransom to hackers.
The dragonforce ended the email with a dragon breathing fire.
Email first confirms the hyperlink between M&S KK Hack and Running Cum Cyber AttackWhich Dragonforce has additionally claimed accountability.
Two hacks – which began in late April – wreaked havoc on two retailers. Some co-up shelves were left bare for weeks, while M&S hopes its operation will be interrupted by July.
Although we now know that the dragonforce is behind both, it is still not clear who are real hackers.
Dragonforce offers various services to cyber criminal colleagues on its dark site, which is in exchange for a 20% deduction of any ransom collected.
Anyone can sign up and use their malicious software to scrape the victim's data or use their dark website for their public forcibly recovery.
Nothing has appeared on the criminal's dark leak site about the CO-O or M&S, but the hackers told the BBC last week that they were releasing it on their own and posting “very quickly” information.
Some researchers say Dragonforce is located in Malaysia, while others say Russia. His email to M&S means that they are from China.
Speculation is increasing that a loose collective of young western hackers, known as scattered spider, may be associated behind a loose collective hack and also on herods.
The scattered spider is not actually a group in the general sense of the word. It is more than a community that conducts on sites such as discord, telegram and forum – so the “scattered” details that they were given by cyber security researchers in the crowdstruk.
Some scattered spider hackers are known to be teenagers in the US and UK.
Britain's National Crime Agency stated A BBC documentary About retail hack, that they’re centered on the investigation on the group.
BBC Talked to cum-up hackers Who refused to reply whether or not he was a scattered spider or not. “We is not going to reply that query” he said he said.
Two of them stated that they wanted to be known as “Raymond Redington” and “Damba Zuma”, which included blacklists after the characters of the US crime thriller, including a desired criminal that helps the police take down other criminals on a blacklist.
In a message for me, he claimed: “We are placing British retailers on the blacklist.”
Britain's retail vendors have been a series of small cyber attacks, but no one is influential as disintegrating as those on co-up, M&S and Harrows.
Dragonforce offers various services to cyber criminal colleagues on its dark site, which is in exchange for a 20% deduction of any ransom collected.
Anyone can sign up and use their malicious software to scrape the victim's data or use their dark website for their public forcibly recovery.
Nothing has appeared on the criminal's dark leaksite about the CO-O or M&S, but the hackers told the BBC that they had their own issues and would be posting “very quickly” information.
Some researchers say Dragonforce is located in Malaysia, while others say Russia. His email to M&S means that they are from China.
In the early stages of the M&S hack, unknown sources told the cyber news site Blapping Computer that the evidence was pointing to the scattered spider.
National Cybercade Unit of UK The BBC has confirmed that the group is one of their major suspects.
For hackers I spoke on Telegram, they refused to answer whether they were scattered spider or not. “We is not going to reply that query” he stated he stated.
With inputs from BBC