Blue Yonder investigates claims of data theft after ransomware gang takes credit for cyberattack

Supply chain software giant Blue Yonder said it was investigating claims of data theft after a ransomware group threatened to release data stolen from the company.

Blue Yonder, an Arizona-based company that provides supply chain management software to thousands of organizations including DHL, Starbucks and Walgreens, suffered a cyberattack on November 21. At the time, the company said it was a “ransomware incident” but did not specify who was behind the attack.

Last Friday, the “Termite” ransomware group claimed responsibility for the attack in a post on its dark web leak site. In the post, seen by TechCrunch, the gang claims to have stolen 680GB of data from Blue Yonder, including documents, reports, insurance documents and email lists, which Termite says it plans to use “in future attacks.”

In a statement to TechCrunch, Blue Yonder spokeswoman Marina Renneke said the company “is aware of who claimed responsibility.”

“We are aware of claims that an unauthorized third party has taken certain information from our systems,” Renneke said. “We are working diligently with external cybersecurity experts to address these claims. The investigation is still ongoing.”

The Termite ransomware family first emerged earlier this year. Security experts believe the group is a rebrand of the infamous Russia-linked Babuk ransomware group, which carried out more than 65 attacks and received $13 million in ransom, according to the U.S. Department of Justice.

Threat intelligence company Cyble noted similarities between Termite and Babuk ransomware variants, and security researchers at Broadcom observed the group using a modified version of Babuk ransomware.

On its dark web leak site, where the gang lists six other victims, Termite is threatening to publish data allegedly stolen from Blue Yonder “soon.” It is not known whether the company was asked to pay a ransom, and Blue Yonder declined to answer questions from TechCrunch.

Blue Yonder also declined to reveal the amount and type of data stolen, but did not dispute Termite’s claims when asked.

“We have notified customers affected by the operational outage and have been working with them throughout the restoration process,” Blue Yonder said in an update to its cybersecurity incident page Friday.

It is not yet known how many of Blue Yonder’s more than 3,000 customers have been affected by the incident. British supermarket chains Morrisons and Sainsbury’s previously confirmed to TechCrunch that they had been affected, while US coffee giant Starbucks said a ransomware attack forced managers to manually calculate employees’ salaries.