Tata Motors-owned Jaguar Land Rover said on Tuesday that it is extending the suspension of regular production activities until October 1, following a cyberattack on September 1 that has since brought the storied luxury carmaker to its knees, with daily losses mounting between £5 million and £10 million.

“We have made this decision to give clarity for the coming week as we build the timeline for the phased restart of our operations and continue our investigation. Our teams continue to work around the clock alongside cybersecurity specialists, the NCSC, and law enforcement to ensure a safe and secure restart,” the company said in a statement.

The British automaker’s production, which is heavily automated, had to stop manufacturing across all its factories, not only in Britain, but also in China, Slovakia, and India, to control the damage. This is the fourth week that the company, which produces a thousand cars a day globally, has not manufactured a single vehicle, and it will not see a manufactured car rollout for another week.

The financial implications of the prolonged cybersecurity woes are expected to significantly dent the company’s second-quarter results, following a dismal first quarter, during which U.S. tariffs and reduced demand in key markets, including China and Europe, weighed on the results.

Jaguar Land Rover recorded a decline in wholesale and retail sales by 10.7% and 15.1% in the first quarter, and its pre-tax profit plunged 49% to £351 million in the three months ended June 30. If it continues to bleed money at the reported rate, by the time JLR resumes production, it would have already lost anywhere between £175 million and £350 million.

According to several British media outlets, a group known as Scattered Spider, Lapsus$, and ShinyHunters, collectively referred to as “Scattered LAPSUS$ Hunters”, claimed responsibility for the cyberattack on JLR.

The same group, primarily composed of teenagers, has been linked to previous attacks on several British retailers, including Marks and Spencer, which reportedly cost the retail company £300 million in online sales. Scattered Spider was also responsible for Co-op and Harrods facing a wave of cyberattacks through social engineering and impersonating IT help desk staff.

According to an article by FalconFeeds.io, a cloud-native SaaS platform specialising in cyberthreat intelligence, the cybercrime group had a Telegram channel where it broadcast leaks, extortion threats, and hacker boasts. They would use meme-style threats and polls as interactive elements to engage with the audience.

ShinyHunters targeted Google, Cisco and Salesforce using voice phishing. The hacking group deployed DragonForce ransomware to encrypt the victim’s network.

On September 12, Scattered LAPSUS$ Hunters said that they are shutting down their operations. “Our objectives having been fulfilled, it is now time to say goodbye,” in a Telegram post and on breachforums, a platform for hackers.