Starbucks, Sainsbury's and Morrisons all apparently affected.
Blue Yonder has said it is dealing with a ‘ransomware incident’ and is working ‘diligently’ in the recovery process.
A service provider in digital supply chain transformation, the company has issued a number of updates over the past few days.
Disruptions
In the first statement, it said it had experienced disruptions to its managed services hosted environment on November 21st, which was determined to be the result of a ransomware incident.
The next update, on November 23rd, said its team is “continuing to work around the clock, together with our external cybersecurity firms, to safely restore systems, resulting in steady progress.”
Its investigation remains ongoing, but stated its priority “is to ensure a safe and secure recovery.” This was continued in the most recent statement on November 24th.
Impact on Others
Despite Blue Yonder not offering any further update, media reports claim the company’s customers are feeling the effects. The Wall Street Journal reported that payroll and staff scheduling systems at Starbucks were impacted, while UK supermarkets Morrisons and Sainsbury's have also been impacted.
Commenting, Dan Lattimer, VP at Semperis, suspected the attack was calculated, as the attackers were aware that the Thanksgiving Holiday is approaching and disruptions in the supply chain will leave many grocery stores in the U.S. with empty shelves.
“While details on the specifics of the Blue Yonder attack are scant, it is yet another reminder how damaging supply chain disruptions become when suppliers are taken offline,” he said. “Kudos to Blue Yonder for dealing with this cyber-attack head on, but we still don’t know how far reaching the business disruptions will be in the UK, U.S. and other countries.”
Written by
Dan Raywood
Senior Editor
SC Media UK
Dan Raywood is a B2B journalist with more than 20 years of experience, including covering cybersecurity for the past 16 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.
He has spoken at events including 44CON, Infosecurity Europe, RANT Conference, BSides Scotland, Steelcon and ESET Security Days.
Outside work, Dan enjoys supporting Tottenham Hotspur, managing mischievous cats, and sampling craft beers.
