Marks & Spencer has locked remote-working staff out of some of its IT systems to contain the fallout from a cyberattack that continues to cripple the retailer.

The chain has shut down some of the remote-access software that employees use to log into its internal IT systems when working away from the office.

Cybersecurity experts said the move to cut off its virtual private network (VPN) was most likely intended to stop the attackers from spreading further through M&S’s IT infrastructure.

Sources close to the company said staff could still work from home, but that access to its internal systems had been scaled back while it dealt with the attack.

M&S, which has 65,000 staff, has suspended taking online orders and many of its shoppers were unable to use contactless payments for parts of last week. As of Saturday morning, customers were able only to browse rather than buy items on its website. Shoppers with click-and-collect orders have been advised to wait for a “ready to collect” email before venturing to a store.

The company’s shares have fallen by 4 per cent since the attack, which it first acknowledged on Tuesday. The hit is potentially significant: last year, M&S generated £1.3 billion of sales from online orders in its clothing and home business, more than a third of its overall clothing and home revenues of £3.8 billion.

Kevin Beaumont, a cybersecurity researcher, said the attack “certainly has the hallmarks of ransomware”. He added that switching off the VPN “is a usual first-stage containment step to cut off the threat actor”.

A ransomware attack is a type of breach in which cybercriminals encrypt or lock a company’s IT systems, and increasingly also steal its data first, then demand payment in return for restoring access and not releasing the data. It is a popular extortion tactic among Russian-speaking cybercriminal groups.

The US Cybersecurity and Infrastructure Security Agency advises companies hit by ransomware first to contain it, isolating affected IT systems by disconnecting them from the network so that the attackers cannot move laterally to other parts of it. Its guidance is to power devices down only when they cannot be disconnected, because switching them off can destroy evidence held in memory. Companies are then advised to bring in forensic specialists to establish how the breach happened, and incident-response teams to eradicate the ransomware and recover their systems.

The costs of a hack are significant for large companies, which often have to bring in large teams of lawyers as well as technology firms. Compensation payouts may also follow if customer or client data is lost. The IT outsourcing company Capita estimates that a ransomware breach in 2023 cost it between £20 million and £25 million, before any fine from the data regulator, the Information Commissioner’s Office. MGM Resorts, which runs casinos and hotels in Las Vegas, said a cyberattack in 2023 cost it about $100 million.

While authorities advise companies against paying cybercriminals to restore their systems, many quietly end up doing so in cryptocurrency.

M&S has reported itself to the Information Commissioner’s Office and is working with the National Cyber Security Centre to respond to the breach.

Marks & Spencer shuts out WFH staff after cyberattack
