Marks and Spencer Group Plc., one of Britain’s leading retailers, is grappling with a severe cyberattack that has disrupted its operations for over a week, sources familiar with the matter revealed.

The attack, identified as a ransomware incident involving the potent DragonForce malware, has locked down critical systems, halting online orders and impairing payment processing in stores across the UK, according to Bloomberg.

The ransomware, deployed by a group of suspected cybercriminals, encrypts files on infected systems, rendering them inaccessible until a cryptocurrency ransom is paid, according to cybersecurity experts.

DragonForce, known for its sophisticated design, is operated by an elusive criminal syndicate that leases the malware to other hackers, taking a share of the illicit profits, experts noted.

Marks & Spencer has publicly acknowledged the “cyber incident” but has not disclosed specific details.

Two sources, speaking anonymously due to the sensitivity of the ongoing investigation, confirmed the involvement of DragonForce.

The retailer is working to restore its systems, but the attack underscores the growing threat of ransomware to global businesses.

A spokesperson for M&S has declined to comment on the ransomware attack or the identity of the hackers. It is unclear whether any ransom demands have been made or if M&S is in negotiations.

The company has enlisted external cybersecurity experts to help investigate and manage the situation.

“We are taking actions to further protect our network and ensure we can continue to maintain customer service,” the company said in a statement.

Marks & Spencer’s shares have dropped 6.2% in London since the ransomware incident was reported on April 22.