December 9, 2024 at 08:07AM
Blue Yonder experienced a ransomware attack last month, allegedly compromising 680 GB of data, including email addresses and documents. The Termite ransomware group claimed responsibility for the attack, which affected significant clients such as Starbucks and major UK grocery chains. Blue Yonder is investigating and collaborating with cybersecurity experts to address the breach.
### Meeting Notes Takeaways
1. **Ransomware Attack Overview**:
   - Blue Yonder suffered a ransomware attack last month, leading to disruptions in their managed services hosted environment.
2. **Impact on Major Clients**:
   - Several major companies, including Starbucks and top UK grocery chains Morrisons and Sainsbury’s, experienced operational disruptions due to the attack.
3. **Attribution to New Ransomware Group**:
   - A new group named “Termite” has claimed responsibility for the attack via a Tor-based website.
4. **Data Theft Claims**:
   - Termite claims to have stolen approximately 680 GB of data from Blue Yonder, which includes databases, email addresses, and various documents.
5. **Response from Blue Yonder**:
   - Blue Yonder is aware of the data theft claims and is collaborating with external cybersecurity experts to investigate the incident.
   - The company is also actively assisting affected customers to restore their services.
6. **Nature of the Ransomware**:
   - Termite’s ransomware appears to be a modified version of the Babuk ransomware, known for both file encryption and data theft tactics.
7. **Current Status of Affected Clients**:
   - Blue Yonder is focused on mitigating the impact on clients and continuing the investigation into the ransomware attack.
8. **Related Cybersecurity Reports**:
   - Other cybersecurity firms, including Cyble and Broadcom’s Symantec, have confirmed the malware’s characteristics and its modifications.
9. **Other Victims**:
   - Termite’s website lists several other victims, suggesting they have been active recently in the ransomware landscape.