The Termite ransomware group has confirmed their responsibility for the November cyberattack on Blue Yonder, a major supply chain software provider serving over 3,000 high-profile clients including Microsoft, DHL, and Western Digital.
The attack caused significant disruptions to Blue Yonder’s managed services, affecting numerous global businesses. Starbucks reported manual payment processing for baristas across 10,000 stores, while UK supermarket chains Morrisons and Sainsbury’s experienced supply chain disruptions. French manufacturer BIC faced shipping delays due to the incident.
Blue Yonder, operating as a Panasonic subsidiary, has begun restoring services for affected customers and is collaborating with cybersecurity experts to normalize operations. The company’s incident response team continues to work “around the clock” to address the situation.
According to Termite’s claims on their leak site, they extracted 680GB of sensitive data, including:
– Database dumps
– Email lists containing over 16,000 entries
– More than 200,000 documents
– Insurance documentation
– Various corporate reports
Termite, a relatively new ransomware operation that emerged in October, has targeted seven organizations globally. Security researchers at Trend Micro note that the group uses a modified version of the leaked Babuk encryptor, though code execution issues suggest their ransomware tool is still under development.
The full extent of the breach’s impact on Blue Yonder’s customer base and the scope of compromised data remain undisclosed by the company.