‘They wanted $4m’: Lessons for M&S from other cyber attacks
42 minutes ago
Graham Fraser, Technology Reporter


As Marks & Spencer (M&S) – and its customers – continue to reel from a major cyber attack, other people who have gone through similar experiences have been sharing what it is like to be targeted by hackers.
“It was an absolute nightmare”, says Sir Dan Moynihan. He is the Senior Executive Principal and Chief Executive of the Harris Federation, a group of 55 schools in the London and Essex area.
It was hacked in 2021 – Sir Dan told the Today programme, on BBC Radio 4, that the culprits were the Russian ransomware crime group REvil.
“Their purpose was to blackmail us into paying four million dollars in cryptocurrency within ten days,” he said.
“If we didn’t pay in ten days, they wanted eight million.”
The hack caused chaos. Sir Dan said the group lost teaching materials, lesson plans and registration systems.
More importantly, they also lost medical records and even the fire and phone systems were affected.
The finances of the school group were hit. Staff, and bills, were left unpaid.

Delay and don’t pay
M&S has also been targeted with ransomware – malicious software which locks an owner out of their computer or network and scrambles their data.
The criminals then demand a fee to unlock it. Sir Dan says it was a demand he resisted.
Instead, the school group approached a firm of cyber specialists who employed a hostage negotiator. That individual then took on the role of an inexperienced school bursar – an administrator – who pretended to not know what was going on.
They took up negotiations with the hackers, with the purpose of delaying them for as long as possible so the school group could rebuild its systems.
“The Russians had stolen data from us – they didn’t tell us what – and they threatened to put this stuff up on the dark web and cause us great embarrassment, and secondly they would lock down our systems.”
Sir Dan said it took the Harris Federation three months to get everything working again, at a cost of £750,000. The work included 30,000 devices that needed to be “cleaned” following the hack.
Was there ever a question of giving the criminals what they wanted? Never, said the school group boss.
“The money we have is for disadvantaged young people, and secondly had we paid we would have opened the door for other school groups to be attacked.”
‘Like going back in time’
It is not known whether similar events are playing out behind the scenes at M&S, as the company has only issued limited information in its official statements, and has not put anyone up for interview.
But people claiming to work for the retailer have given a sense of the chaos on social media.
On Reddit, users who identified themselves as M&S workers, something the BBC has not verified, described the impact of the cyber attack.
One wrote that most internal systems had been affected and that there had been experiments with “resuming operations manually with paper and pen”.
Another poster said head office staff were working weekends, and that the problems were “like going back in time”.
While some reported shortfalls in goods coming in, others described oversupply of some items, which meant food went to waste – with one saying they had to pour away multiple pints of milk.
What is clear is other companies are watching what’s happening closely, even more so since another retailer, the Co-op, shut down some of its IT systems this week in response to a separate cyber attack.
“We’re patching like mad,” is what one retailer told the BBC.
In other words, they are making sure every part of their systems has the most up-to-date software and protections.
Sir Charlie Mayfield, the former chairman of John Lewis, said other firms understood only too well how vulnerable they were.
“Online shopping has completely transformed retail – as technology becomes more pervasive, the risk of this kind of attack rises with it,” he told the BBC.
According to the cyber security breaches survey, conducted by the UK government, 74% of large businesses said they were targeted with cyber attacks last year.
The personal cost

The experience of being hacked can be a difficult one for individuals caught in the disruption.
Wedding dress designer Catherine Deane said it was “devastating” when her company’s Instagram account was hacked.
“It felt like the rug had been pulled from under us. Instagram is our primary social platform, and we’ve invested the most amount of time and business resources into it.
“To keep the account current we post content every day. Suddenly all this work… it was just pulled.”
She told the BBC last month of the difficulty of fixing the problem with Meta, the owner of Instagram, describing that experience as “almost traumatising”.
In June last year, staff at hospitals in London told of how they were left grappling with the aftermath of a cyber attack that led to many hours of extra work for their staff.
A critical incident was declared after the ransomware attack targeted the services provided by pathology firm Synnovis.
Services including blood transfusions were severely disrupted at Guy’s and St Thomas’ Hospital and King’s College Hospital (KCH).
Dr Anneliese Rigby, a consultant anaesthetist at KCH, told the BBC: “So what the labs are having to do is receive the blood sample, manually process that, which is a long, time-consuming process requiring a lot of staff which we don’t have so we’re having to get extra people to help with that.”
It seems likely there will still be many difficult days ahead for M&S.
Additional reporting by Zoe Kleinman, Chris Vallance, Joe Tidy and Tom Gerken
