Blue Yonder ransomware attack breaks systems at UK retailers


A ransomware attack on the systems of Blue Yonder, a specialist supply chain management software provider based in the US, continues to cause knock-on impacts to the systems of multiple UK-based retailers, including major supermarkets.

The attack unfolded prior to the weekend of 23 and 24 November, and impacted the organisation’s managed services hosted environment.

“Since learning of the incident, the Blue Yonder team has been working diligently together with external cyber security firms to make progress in their recovery process,” Blue Yonder said in a statement. “We have implemented several defensive and forensic protocols.

“With respect to the Blue Yonder Azure public cloud environment, we are actively monitoring and currently do not see any suspicious activity,” it said.

“The experts along with the Blue Yonder team are working on multiple recovery strategies and the investigation is ongoing.”

In its most recent update, the organisation said: “The Blue Yonder team is working around the clock to respond to this incident and continues to make progress. There are no additional updates to share at this time with regard to our restoration timeline.”

Blue Yonder has not shared any additional information as to the identity of the ransomware actor behind the cyber attack.

In the UK, customers such as Morrisons and Sainsbury’s said they have seen impacts. Morrisons told trade sector magazine The Grocer that it used Blue Yonder’s warehouse management systems and had been forced to revert to back-up processes.

“The outage has caused the smooth flow of goods to our stores to be impacted,” said a spokesperson. Morrisons suppliers, meanwhile, revealed they were left unable to fulfil deliveries.

Sainsbury’s added that it was putting contingency processes in place.

Other customers of Blue Yonder are known to include the other major supermarket chains, Asda, Tesco and Waitrose, and multiple suppliers of consumer goods. Also confirmed to be impacted is Starbucks, where store managers have been forced to resort to analogue processes after their workforce scheduling tools went down.

Holiday disruption

Coming ahead of the busy holiday retail period, and just days before the US Thanksgiving break, the cyber attack on Blue Yonder has prompted discussion that the incident was specifically timed to cause the maximum amount of disruption – US retail customers of Blue Yonder include the operators of multiple major supermarkets, although the scale of the impact to these businesses, if any, is unknown.

Semperis vice-president Dan Lattimer said retailers should be braced for more incidents during their peak trading season.

“This attack was likely calculated as the hackers are aware that the Thanksgiving holiday is approaching and disruptions in the supply chain will leave many grocery stores in the US with empty shelves at the worst possible time,” he said.

“While details on the specifics of the Blue Yonder attack are scant, it is yet another reminder how damaging supply chain disruptions become when suppliers are taken offline.”

Prioritise third-party management

James McQuiggan, security awareness advocate at KnowBe4, said the ripple effects of the Blue Yonder cyber attack emphasised the need for users to prioritise third-party management in their risk frameworks – something that was talked about in the wake of other supply chain attacks going back years.

“Organisations should address any third-party failures in their incident response (IR) plans, including detailed procedures for alternative processes and clear communication paths to keep staff informed and operations running during outages,” he said.

“Organisations cannot predict every third-party failure, but fostering a culture of preparedness through simulations and drills that mimic SaaS [software-as-a-service] outages can build staff readiness and reduce operational downtime during actual events.

“The multi-complex nature of SaaS networks requires IR planning to include proactive coordination and ensure business continuity to reduce the risk of downtime or disruption to the business in the face of third-party disruptions,” said McQuiggan.



Source link