cyberscoop.com

New ‘Termite’ ransomware group claims responsibility for Blue Yonder cyberattack

The ransomware looks to be a re-worked variant of Babuk.

A newly formed ransomware group known as Termite has claimed responsibility for a ransomware attack on Blue Yonder, which disrupted operations at several major companies, including Starbucks and leading U.K. grocery chains Morrisons and Sainsbury’s.

Blue Yonder, headquartered in Arizona, disclosed on Nov. 21 that it was experiencing disruptions within its managed services-hosted environment due to the attack. This announcement was followed by confirmations of operational difficulties experienced by its customers, notably affecting Starbucks’ payroll systems and causing warehouse management system issues at Morrisons.

The Termite group claimed responsibility through its Tor-based website, posting that it has exfiltrated 680 gigabytes of data from Blue Yonder, including sensitive information such as databases, email addresses, and over 200,000 insurance documents. The threat actors have threatened to release segments of this data publicly if ransom demands are not met.

In response, Blue Yonder confirmed its awareness of the unauthorized data claims and has enlisted external cybersecurity experts to investigate and address these security breaches. “We are working diligently to understand the full extent of the situation and to support our affected customers,” the company said in a statement.

The Termite group uses ransomware that is a modified version of the Babuk ransomware, whose source code became public due to a leak several years ago.

Termite’s operational footprint, although relatively new, has rapidly expanded. Within a short span, the group has listed multiple victims across various sectors and countries. Recent attacks, in addition to Blue Yonder, include a breach of Conseil Scolaire Viamonde, a French-language school board in Toronto, and the French government of Réunion.

A bulletin published by Broadcom last month said that Termite has been rather indiscriminate in its targeting, attacking government agencies, education, disability support services, oil and gas, water treatment, and automotive manufacturing organizations. Alpharetta, Ga.-based Cyble has published technical details that examine how the malware functions.

Written by Greg Otto

Greg Otto is Editor-in-Chief of CyberScoop, overseeing all editorial content for the website. Greg has led cybersecurity coverage that has won various awards, including accolades from the Society of Professional Journalists and the American Society of Business Publication Editors. Prior to joining Scoop News Group, Greg worked for the Washington Business Journal, U.S. News & World Report and WTOP Radio. He has a degree in broadcast journalism from Temple University.
