The ransomware attack that hit Blue Yonder last month may have also involved the theft of a significant amount of files.
Arizona-based Blue Yonder, whose supply chain management software is used by major companies in the US and elsewhere, revealed on November 21 that its managed services hosted environment had been experiencing disruptions due to a ransomware attack.
It soon came to light that the incident had caused significant disruptions to several major firms that use Blue Yonder services, including Starbucks and two of the UK’s biggest grocery store chains, Morrisons and Sainsbury’s.
A new ransomware gang named Termite took credit for the attack on Blue Yonder on its Tor-based website on Friday.
The cybercriminals claim to have obtained 680 Gb of data from Blue Yonder, including databases, email addresses, and documents. They said they will make available some of the stolen data “soon”.
In a statement issued after the hackers named the company on their website, Blue Yonder said it’s aware of the claims. The firm said its investigation remains ongoing.
“We are aware that an unauthorized third party claims to have taken certain information from our systems,” Blue Yonder said. “We are working diligently with external cybersecurity experts to address these claims.”
The company also noted that it has been working with customers that suffered operational disruptions to help them restore services.
The Termite ransomware group delivers file-encrypting ransomware and also steals data from victims in an effort to increase its chances of getting paid.
Both Cyble and Broadcom’s Symantec reported that the file-encrypting malware used by the cybercriminals appears to be a modified version of the Babuk ransomware, whose source code was leaked a few years ago.
Termite’s website currently only lists half a dozen other victims, all added at around the same time last week.
Related: Deloitte Responds After Ransomware Group Claims Data Theft
Related: Microlise Confirms Data Breach as Ransomware Group Steps Forward
Related: Akira Ransomware Drops 30 Victims on Leak Site in One Day
