The Termite ransomware gang has formally claimed duty for the November breach of software program as a service (SaaS) supplier Blue Yonder.
Blue Yonder (previously JDA Software program and working as a Panasonic subsidiary) is an Arizona-based worldwide provide chain software program supplier for retailers, producers, and logistics suppliers.
Its record of over 3,000 clients contains different high-profile corporations like Microsoft, Renault, Bayer, Tesco, Lenovo, DHL, 3M, Ace {Hardware}, Procter & Gamble, Carlsberg, Dole, Wallgreens, Western Digital, and 7-Eleven.
BleepingComputer had beforehand heard that Termite was behind the assault on Blue Yonder, however this might not be independently confirmed.
This incident has led to a wave of outages affecting clients utilizing the corporate’s software program, together with the U.S. coffeehouse chain Starbucks and the Morrisons and Sainsbury’s grocery store chains in the UK, on account of disruptions affecting Blue Yonder’s managed providers hosted surroundings.
Starbucks mentioned it was compelled to pay baristas manually after the ransomware assault affected the software program monitoring work schedules throughout over 10,000 shops. French pen producer BIC was additionally hit by delivery delays, whereas Morrisons revealed that the incident impacted its warehouse administration programs for contemporary meals.
Based on an replace added over the weekend to the corporate’s official safety incident monitoring web page, Blue Yonder has since introduced again on-line a number of the impacted clients and is now working with exterior cybersecurity consultants to assist others return to regular enterprise operations.
Per week earlier, Blue Yonder mentioned that its crew is “working around the clock to respond to this incident and continues to make progress.”
A Blue Yonder spokesperson was not instantly out there for remark when contacted by BleepingComputer earlier at this time.
Whereas the corporate has but to disclose what number of of its clients had been impacted and if the attackers had stolen any knowledge from its compromised programs, the Termite ransomware gang has now claimed the assault at this time, saying they stole 680GB of information.
”Our team got 680gb of data such as DB dumps Email lists for future attacks (over 16000) Documents (over 200000) Reports Insurance documents,” the menace actors declare on their leak website.
Termite is a newly emerged ransomware operation that surfaced in mid-October, in line with menace intelligence firm Cyjax. It has since listed seven victims on its darkish internet portal from numerous business sectors and from everywhere in the world, together with Blue Yonder.
Like different ransomware gangs, this cybercrime group is concerned in knowledge theft, extortion, and encryption assaults.
Based on cybersecurity agency Development Micro, they’re utilizing a model of the Babuk encryptor leaked in September 2021, which can drop a How To Restore Your Recordsdata.txt ransom notice on the victims’ encrypted programs.
Development Micro additionally mentioned that Termite’s ransomware encryptor continues to be possible a piece in progress, given that it’s going to terminate prematurely due to a code execution flaw.
