Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Data Breaches

Blue Yonder Probing Data Theft Claims After Ransomware Gang Takes Credit for Attack

The Blue Yonder ransomware attack that caused disruptions to Starbucks and major grocery stores may have also involved information theft.

The ransomware attack that hit Blue Yonder last month may have also involved the theft of a significant amount of files.

Arizona-based Blue Yonder, whose supply chain management software is used by major companies in the US and elsewhere, revealed on November 21 that its managed services hosted environment had been experiencing disruptions due to a ransomware attack.  

It soon came to light that the incident had caused significant disruptions to several major firms that use Blue Yonder services, including Starbucks and two of the UK’s biggest grocery store chains, Morrisons and Sainsbury’s.

A new ransomware gang named Termite took credit for the attack on Blue Yonder on its Tor-based website on Friday.

The cybercriminals claim to have obtained 680 Gb of data from Blue Yonder, including databases, email addresses, and documents. They said they will make available some of the stolen data “soon”.

In a statement issued after the hackers named the company on their website, Blue Yonder said it’s aware of the claims. The firm said its investigation remains ongoing.

“We are aware that an unauthorized third party claims to have taken certain information from our systems,” Blue Yonder said. “We are working diligently with external cybersecurity experts to address these claims.”

The company also noted that it has been working with customers that suffered operational disruptions to help them restore services.

The Termite ransomware group delivers file-encrypting ransomware and also steals data from victims in an effort to increase its chances of getting paid. 

Advertisement. Scroll to continue reading.

Both Cyble and Broadcom’s Symantec reported that the file-encrypting malware used by the cybercriminals appears to be a modified version of the Babuk ransomware, whose source code was leaked a few years ago. 

Termite’s website currently only lists half a dozen other victims, all added at around the same time last week.

Related: Deloitte Responds After Ransomware Group Claims Data Theft

Related: Microlise Confirms Data Breach as Ransomware Group Steps Forward

Related: Akira Ransomware Drops 30 Victims on Leak Site in One Day

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Discover strategies for vendor selection, integration to minimize redundancies, and maximizing ROI from your cybersecurity investments. Gain actionable insights to ensure your stack is ready for tomorrow’s challenges.

Register

Dive into critical topics such as incident response, threat intelligence, and attack surface management. Learn how to align cyber resilience plans with business objectives to reduce potential impacts and secure your organization in an ever-evolving threat landscape.

Register

People on the Move

MorganFranklin Cyber has appointed Keith Hollender as CEO and member of the Board of Directors.

Lisa Banks has been named Chief Financial Officer at Abnormal Security.

Threat detection and response company Trellix has appointed Vishal Rao as its new CEO.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.