A ransomware attack on supply chain technology provider Blue Yonder has caused significant disruptions for its clients, including Starbucks, BIC, and Morrisons. The newly emerged Termite ransomware group claimed responsibility for the breach on November 21, 2024, just days before Thanksgiving.
Blue Yonder, a subsidiary of Panasonic, provides supply chain management solutions to over 3,000 companies worldwide. The attack targeted its managed services-hosted environment, leading to operational disruptions across multiple industries.
Starbucks faced interruptions in its employee scheduling platform but ensured that payroll systems remained functional. Meanwhile, BIC experienced shipping delays, and Morrisons had to rely on backup systems to manage fresh food logistics.
Free Webinar on Best Practices for API vulnerability & Penetration Testing: Free Registration
The Termite ransomware group announced its involvement through a dark web leak site, stating it had exfiltrated 680 GB of data from Blue Yonder. The stolen data reportedly includes:
- Database dumps
- Over 16,000 email entries for potential future attacks
- More than 200,000 documents
- Insurance reports
The group also hinted at plans to release some of the stolen information if demands are not met. Termite, which surfaced in October 2024, is believed to use a modified version of the Babuk ransomware. This malware encrypts files and appends a “.termite” extension while leaving a ransom note with instructions for victims.
Ransomware Attack Impact
The attack disrupted critical operations for several high-profile companies:
- Starbucks: The coffee giant had to revert to manual processes for managing employee schedules but maintained that customer service and store operations were unaffected.
- BIC: The French pen manufacturer reported limited shipping delays.
- Morrisons: The U.K.-based supermarket chain faced warehouse management issues for fresh produce but managed to mitigate the impact using backup systems.
Blue Yonder has since been working with external cybersecurity experts to restore services and investigate the incident. The company stated that several affected customers have been brought back online and emphasized its commitment to improving defensive protocols.
Cybersecurity experts have raised concerns about Termite’s rapid emergence as a significant threat actor. The group has already targeted organizations across various sectors, including education, automotive supply chains, and government entities. Analysts believe Termite exploits vulnerabilities through phishing attacks and stolen credentials purchased on the dark web.
This incident underscores the vulnerability of supply chain networks to cyberattacks. Experts warn that such breaches can lead to widespread operational disruptions and financial losses. Cybersecurity firms have urged companies to enhance their defenses against evolving threats like ransomware.
Analyse Real-World Malware & Phishing Attacks With ANY.RUN - Get up to 3 Free Licenses