Blue Yonder, a provider of supply chain solutions, has fallen victim to a ransomware attack, leading to disruptions in its managed services hosted environment since November 21. The attack has notably affected its supermarket chain customers Morrisons and Sainsbury's, causing shortages in fruit and vegetables due to the necessity of switching to manual ordering processes. The incident has also impacted companies like Starbucks and FedEx, which rely on Blue Yonder for workforce management software, forcing them to revert to manual tracking of time, attendance, and schedules.
The ransomware attackers managed to penetrate Blue Yonder's Private Cloud at the hypervisor level, eliminating disaster recovery and backup storage, and encrypting data across all five data centers. This situation underscores the challenges companies face when backups are targeted to complicate recovery efforts, highlighting the importance of testing and maintaining segregated backups.
Speculation about the attack vector includes potential vulnerabilities in VMware environments, which have recently been under scrutiny for critical security flaws. Blue Yonder's rapid expansion through acquisitions raises additional concerns about inherited security risks, such as unpatched software or outdated hardware, which can introduce vulnerabilities into a company's network.
Despite these challenges, Blue Yonder's Chief Security Officer has been proactive in implementing a comprehensive range of security measures aimed at bolstering the company's defenses against such attacks. These efforts include the adoption of ransomware-proof backups and enhanced incident response strategies.
The impact of the ransomware attack extends beyond operational disruptions, affecting the supply chain and leading to shortages in essential goods, like potatoes, in the UK. This incident serves as a reminder of the importance of robust security practices and the need for continuous vigilance in protecting against ransomware and other cyber threats.
Source: The Stack