Supply chain software giant Blue Yonder says it’s investigating allegations of data theft after a ransomware gang threatened to release large quantities of data stolen from the company.
Arizona-based Blue Yonder, which provides supply chain management software to thousands of organizations including DHL, Starbucks and Walgreens, was hit by a cyberattack on November 21. The company said at the time that it was a “ransomware incident,” but did not say who was behind the attack.
On Friday, the “Termite” ransomware group claimed responsibility for the attack on its dark web leak site. In a post seen by TechCrunch, the gang claims to have stolen 680 gigabytes of data from Blue Yonder, including documents, reports, insurance documents and email lists, which Termite says it intends to use “for future assaults.”
In a statement given to TechCrunch, Blue Yonder spokesperson Marina Renneke said the company was “conscious of who claimed accountability.”
“We’re conscious that an unauthorized third social gathering claims to have taken sure info from our methods,” Renneke said. “We’re working diligently with third-party cybersecurity consultants to deal with these claims. The investigation is ongoing.”
The Termite ransomware gang first emerged earlier this year. Security experts believe the group is a rebrand of the notorious Russia-linked Babuk ransomware group, which carried out more than 65 attacks and received $13 million in ransom payments, according to the US Department of Justice.
Threat intelligence company Cyble noted similarities between the Termite and Babuk ransomware strains, and Broadcom security researchers observed that the group uses a modified version of the Babuk ransomware.
On its dark web leak site, where the gang lists six other victims, Termite threatens to publish data allegedly stolen from Blue Yonder “quickly.” It is not known whether the gang has demanded a ransom payment from the company, and Blue Yonder declined to say when asked by TechCrunch.
Blue Yonder also declined to say how much and what types of data had been stolen, but did not dispute the claims made by Termite when asked.
In an update to its cybersecurity incident page on Friday, Blue Yonder said it had “notified clients who had been affected by operational disruptions and had been working with them all through the restoration course of.”
It is not yet known how many of Blue Yonder’s more than 3,000 customers were affected by the incident. British supermarket chains Morrisons and Sainsbury’s previously confirmed to TechCrunch that they had been affected, and American coffee giant Starbucks said the ransomware attack had forced managers to manually calculate employees’ salaries.