Cyber-security experts warn that tens of thousands of British firms may already have hackers lurking undetected inside their systems. The shift to “ransomware-as-a-service” means criminal groups such as DragonForce rent out powerful attack tools, letting less-skilled crooks keep 80% of any ransom while the developers take a cut. Evidence of DragonForce has been found in the recent Marks & Spencer breach, and other high-end retailers—including Dior, the Co-op and Harrods—have reported or foiled similar incursions. Attackers typically enter through social-engineering scams, spend weeks learning the network, then strike. Generative AI is making those scams harder to spot, further lowering the barrier to entry and boosting the volume and sophistication of attacks.

Cyber-security specialists believe hackers could be sitting undiscovered in the networks of thousands of UK companies, poised to launch ransom attacks.

A New Criminal Business Model

The dragon is no myth: the DragonForce gang now sells “ransomware-as-a-service”, letting would-be attackers rent top-tier malware and pocket most of the proceeds. Skills once reserved for elite hackers are now available on dark-web marketplaces, complete with user ratings.

Retailers Feel the Heat

Marks & Spencer is still recovering from an April breach in which customer data was stolen and online shopping was frozen. Dior confirmed data theft, while the Co-op and Harrods narrowly averted full-scale crises after spotting intruders early.

AI Gives Phishing a Facelift

Generative AI can craft near-perfect phishing emails or voice clones, making social-engineering traps more convincing than ever. When paired with off-the-shelf ransomware, the threat multiplies.

What Should Firms Do?

Enable multi-factor authentication everywhere.

Patch quickly and review remote-access logs.

Run continuous threat hunting to spot intruders during their dwell time, before they strike.

Train staff to recognise AI-enhanced phishing attempts.

Vigilance and layered defences are now business essentials, not optional extras.