Supply chain software giant Blue Yonder said it was investigating allegations of data theft after a ransomware gang threatened to release troves of data stolen from the company.
Arizona-based Blue Yonder, which provides supply chain management software to thousands of organizations including DHL, Starbucks and Walgreens, was hit by a cyberattack on November 21. The company said at the time that it was a “ransomware incident,” but did not say who was behind the attack.
On Friday, the Termite ransomware group claimed responsibility for the attack on its dark web leak site. In a post seen by TechCrunch, the gang claims to have stolen 680 gigabytes of data from Blue Yonder, including documents, reports, insurance policies, and email lists, which Termite says it intends to use for “future attacks.”
In a statement provided to TechCrunch, Blue Yonder spokeswoman Marina Reineke said the company is “aware of who claimed responsibility.”
“We are aware that an unauthorized third party claims to have taken certain information from our systems,” Reineke said. “We are working diligently with external cybersecurity experts to address these allegations. The investigation remains ongoing.”
The Termite ransomware gang first appeared earlier this year. Security experts believe the group is a reworking of the notorious Russia-linked Babuk ransomware group, which has carried out more than 65 attacks and generated $13 million in ransom payments, according to the US Department of Justice.
Threat intelligence firm Cyble has noted similarities between the Termite and Babuk ransomware strains, and security researchers at Broadcom note that the group is using a modified version of Babuk ransomware.
On its dark web leak site, where the gang lists six more victims, Termite threatens to release data allegedly stolen from Blue Yonder “soon.” It is not known whether it made a ransom demand of the company, and Blue Yonder declined to say when asked by TechCrunch.
Blue Yonder also declined to specify the amount and types of data stolen, but did not dispute Termite’s claims when asked.
In an update to its cybersecurity incident page, Blue Yonder said Friday that it “notified customers affected by the operational disruptions and worked with them throughout the restoration process.”
It is still unknown how many of Blue Yonder’s more than 3,000 customers were affected by the incident. UK supermarket chains Morrisons and Sainsbury’s previously confirmed to TechCrunch that they were affected, and US coffee giant Starbucks said a ransomware attack forced managers to manually calculate staff salaries.