
Ransomware Attacks and How To Prevent Them

Graphic of a computer locked by a ransomware attack showing a skull on a padlock with chains wrapped around it Image by Katie White from Pixabay

In April 2025, Marks & Spencer was hit by a major ransomware attack that disrupted operations, halted online orders and cost the business tens of millions of pounds. The attack has become a high-profile case study in how even the most established brands can fall victim to modern cyber threats.

So what exactly happened? And if a business as large as M&S can fall victim to a ransomware attack, how can yours stay safe? We’ve put together a guide covering what you need to know to protect your business from ransomware attacks, whether small or large-scale.

What Is a Ransomware Attack?

Ransomware is a type of malicious software that encrypts a company’s files or systems, holding them hostage until a ransom is paid. Increasingly, attackers also threaten to publish stolen data, a tactic known as double extortion.

But as we saw with the M&S breach, it’s not just about the data being held to ransom. The most worrying part is the methods attackers are using to get in.

What Happened with M&S?

The attack on M&S was not a brute-force hack. Instead, it began with cybercriminals posing as staff members to trick IT support into resetting login credentials and disabling multi-factor authentication (MFA).

Once inside, the attackers:

  • Gained access to the Active Directory (the system that controls access to internal resources)
  • Harvested login credentials and password hashes
  • Installed ransomware, encrypting critical infrastructure
  • Disrupted online and in-store systems, including payments, returns, gift cards and logistics

M&S is now facing a long and costly recovery, with an estimated 3-year timeframe to fully restore all systems.

How Can Your Business Prevent a Ransomware Attack?

Whether you run a small business or a national chain, the core lessons from the M&S cyberattack apply to all. Here are the most important steps:

1. Train Your Staff to Recognise Social Engineering

Many cyberattacks start with human error. Teach your team to:

  • Question unusual requests (e.g. password resets or urgent logins)
  • Never share credentials over email or phone
  • Use verification steps for internal IT requests

Tip: Run phishing simulations regularly to test awareness.

2. Enforce Multi-Factor Authentication (MFA) Everywhere

MFA should be a default for:

  • Email and cloud accounts
  • Admin panels and server access
  • VPNs and remote desktops

Even if login details are stolen, MFA adds a powerful extra barrier. Be aware of MFA fatigue too, and make sure the whole team knows about it. At Inventas, we’re able to add further layers of security to Office 365 and Azure on top of MFA.

3. Review and Harden Active Directory Security

Active Directory (AD) is a common target in ransomware attacks. Strengthen it by:

  • Limiting admin privileges
  • Enabling auditing and logging
  • Regularly updating and patching systems

4. Run Regular Backups and Test Your Recovery Plan

Frequent, secure backups are your safety net. Make sure to:

  • Use off-site and offline backup storage
  • Schedule automated backups
  • Test your recovery plan regularly

5. Monitor for Unusual Behaviour

Use endpoint detection and response tools to:

  • Flag unexpected access attempts
  • Detect privilege escalation
  • Monitor lateral movement within your network

Early detection can stop an attack before damage is done.
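The M&S intrusion described above began with a help-desk credential reset combined with MFA being disabled, so that pairing is worth alerting on. The following is an added example, not part of the original article: it flags any account that has both events within a short window. The log format, event names and account names are constructed for illustration and do not match any specific product's schema.

```python
from datetime import datetime, timedelta

# Constructed sample events (hypothetical format, not a real product's log):
# timestamp, action, help-desk actor, target account
SAMPLE_LOG = """\
2025-04-22T09:02:11Z password_reset actor=hd.agent3 target=a.jones
2025-04-22T09:14:03Z password_reset actor=hd.agent7 target=j.smith
2025-04-22T09:19:40Z mfa_disabled actor=hd.agent7 target=j.smith
2025-04-22T11:30:00Z mfa_disabled actor=hd.agent2 target=k.patel
2025-04-22T16:45:12Z password_reset actor=hd.agent2 target=k.patel
"""

WINDOW = timedelta(minutes=30)          # assumed threshold; tune to your help desk
RISKY = {"password_reset", "mfa_disabled"}

def parse(line):
    """Split one log line into (time, action, actor, target)."""
    ts, action, *pairs = line.split()
    fields = dict(p.split("=", 1) for p in pairs)
    when = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
    return when, action, fields["actor"], fields["target"]

def find_reset_plus_mfa_disable(log_text, window=WINDOW):
    """Return alerts for accounts that had BOTH a password reset and an
    MFA disable (in either order) within `window` of each other."""
    last_seen = {}   # (target, action) -> (time, actor) of most recent event
    alerts = []
    events = sorted(parse(l) for l in log_text.splitlines() if l.strip())
    for when, action, actor, target in events:
        if action not in RISKY:
            continue
        other = (RISKY - {action}).pop()          # the complementary action
        prev = last_seen.get((target, other))
        if prev and when - prev[0] <= window:
            alerts.append({"target": target, "first": other, "second": action,
                           "gap_seconds": int((when - prev[0]).total_seconds()),
                           "actors": sorted({prev[1], actor})})
        last_seen[(target, action)] = (when, actor)
    return alerts

if __name__ == "__main__":
    for alert in find_reset_plus_mfa_disable(SAMPLE_LOG):
        print(alert)
```

An alert here is a prompt to call the account owner back on a known number and confirm the request was genuine, in line with the verification steps in section 1.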

Reinforcing your Cybersecurity through Managed Service Providers

For small and medium-sized businesses, it is just not viable to have a team, or even a team member, dedicated to managing all aspects of your cybersecurity. It’s better to bring in the professionals to help prevent security risks and ensure that your business has the maximum level of protection it requires. Inventas specialises in SME IT support and can help you keep your data safe from potential ransomware attacks. We partner with Heimdal, which protects against ransomware, alongside outsourced Phishing Training courses for your team to ensure everyone knows how to respond and react to potential cyber threats.

Whether you’re auditing your existing setup or looking to implement better security and improve staff training, Inventas is here to support you with practical, no-nonsense advice and services tailored to your needs.

Prevention Is Cheaper Than Recovery

The M&S attack shows that even sophisticated enterprises can be caught off guard. But with proper defences in place, your business can dramatically reduce its risk.

In the world of cybersecurity, it’s not always a question of if you’ll be targeted, but when. The key is being ready when it happens.

Get in touch with Inventas today to see how we can help increase your cybersecurity and decrease your risk of ransomware attacks.
