Termite ransomware group claims a major cyber attack on Blue Yonder

The Termite ransomware group claims that it infiltrated the internal network of U.S.-based end-to-end supply chain technology services provider Blue Yonder and stole 680 GB of data.

 

Headquartered in Scottsdale, Arizona, Blue Yonder is a supply chain management company operating as an independent subsidiary of Panasonic. It has more than 3,000 clients globally, including several major retailers such as Morrisons, Sainsbury’s, Tesco, Starbucks, Renault, Procter & Gamble and more.

 

In a data security incident notification posted on its website, Blue Yonder said that on November 21, it experienced disruptions to its “managed services hosted environment”. The company immediately launched an investigation, with assistance from external cyber security experts, to determine the nature and scope of the incident.

 

The investigation revealed that the company suffered a ransomware attack that involved threat actors infiltrating its network, injecting malicious code and encrypting certain vital systems.

 

Morrisons and Sainsbury’s, two of the UK’s largest retail chains, confirmed being affected by the Blue Yonder ransomware attack.

 

Operational disruptions were reported in the U.S. too. In a statement shared with the Wall Street Journal, a Starbucks spokesperson said that the ransomware attack disrupted the organisation’s ability to pay baristas and manage their schedules, forcing them to manually calculate employees’ pay.

 

Recently, the novel Termite ransomware group claimed responsibility for the ransomware attack on Blue Yonder and listed it as a victim on its data leak site. The group claims to be in possession of 680 GB of data stolen from the company that includes databases, email lists "for future attacks" (over 16,000 entries), miscellaneous documents (over 200,000), reports, and insurance documents.

 

The company, in a recent update, said, “Blue Yonder worked with external cybersecurity firms and strengthened our defensive and forensic protocols. We have notified customers who were impacted by operational disruptions and have been working with them throughout the restoration process.

 

“We are aware that an unauthorised third party claims to have taken certain information from our systems. We are working diligently with external cybersecurity experts to address these claims. The investigation remains ongoing.”