Blue Yonder investigates knowledge theft allegations after ransomware gang takes credit score for cyberattack

Provide chain software program big Blue Yonder stated it was investigating allegations of knowledge theft after a ransomware gang threatened to launch tons of knowledge stolen from the corporate.

Arizona-based Blue Yonder, which gives provide chain administration software program to 1000’s of organizations together with DHL, Starbucks and Walgreens, has been hit by a cyberattack of November 21. The corporate stated on the time that it was a “ransomware incident” however didn’t say who was behind the assault.

On Friday, the “Termite” ransomware group claimed accountability for the assault on its darkish net leak web site. In an article seen by TechCrunch, the gang claims to have stolen 680 gigabytes of knowledge from Blue Yonder, together with paperwork, studies, insurance coverage paperwork and mailing lists, which Termite says it intends to make use of “to future assaults.

In an announcement given to TechCrunch, Blue Yonder spokesperson Marina Renneke stated the corporate “is aware of who claimed accountability.”

“We’re conscious that an unauthorized third get together is claiming to have extracted sure data from our methods,” Renneke stated. “We’re working diligently with exterior cybersecurity consultants to reply to these claims. The investigation remains to be ongoing. »

The Termite ransomware gang first emerged earlier this yr. Safety consultants consider the group is a rebrand of the infamous Russia-linked Babuk ransomware group, which has carried out greater than 65 assaults and acquired $13 million in ransoms. according to the US Department of Justice.

Menace Intelligence Firm Cyble note Similarities Between Termite and Babuk Ransomware Strains and Broadcom Safety Researchers observed the group utilizing a modified model of Babuk ransomware.

On its darkish net leak web site, the place the gang lists six different victims, Termite threatens to launch knowledge allegedly stolen from Blue Yonder “quickly.” It's unclear whether or not the corporate demanded a ransom cost from the corporate, and Blue Yonder declined to say when requested by TechCrunch.

Blue Yonder additionally declined to say how a lot and what sorts of knowledge had been stolen, however didn’t dispute Termite's claims when requested.

In a sound replace cybersecurity incident page On Friday, Blue Yonder stated it had “knowledgeable clients who have been impacted by operational disruptions and labored with them all through the restoration course of.”

It's nonetheless unclear what number of of Blue Yonder's greater than 3,000 clients have been affected by the incident. British grocery store chains Morrisons and Sainsbury's beforehand confirmed to TechCrunch that that they had been hit, and US espresso big Starbucks stated the ransomware assault had pressured executives to manually calculate worker salaries.