M&S thinks it might finally know what caused cyberattack – but still won’t say if it paid a ransom

M&S says DragonForce (not DragonForce Malaysia) is responsible for the attack, but we still don’t know if a ransom has been paid.