Monday, May 25, 2026

Shutterfly services disrupted by Conti ransomware attack

Photography and personalized photo giant Shutterfly has suffered a Conti ransomware attack that allegedly encrypted hundreds of devices and stole corporate data.

Although many associate Shutterfly with its website, the company’s photography-related services are aimed at consumer, enterprise, and education customers through various brands such as GrooveBook, BorrowLenses, Shutterfly.com, Snapfish, and Lifetouch.

The main website can be used to upload photos to create photo books, customized stationery, greeting cards, postcards, and more.

Shutterfly suffers a Conti ransomware attack

On Friday, a source told BleepingComputer that Shutterfly suffered a ransomware attack roughly two weeks ago by the Conti gang, who claims to have encrypted over 4,000 devices and 120 VMware ESXi servers.

While BleepingComputer has not seen the negotiations for the attack, we are told that they are underway and that the ransomware gang is demanding millions of dollars as a ransom.

Before ransomware gangs encrypt devices on corporate networks, they commonly lurk inside for days, if not weeks, stealing corporate data and documents. These documents are then used as leverage to force a victim to pay a ransom under the threat that they will be publicly released or sold to other hackers.

Conti has created a private Shutterfly data leak page containing screenshots of files allegedly stolen during the ransomware attack, as part of this “double-extortion” tactic. The attackers threaten to make this page public if a ransom is not paid.

Private data leak page on Conti dark web site

BleepingComputer has been told that these screenshots include legal agreements, bank and merchant account info, login credentials for corporate services, spreadsheets, and what appears to be customer information, including the last four digits of credit cards.

Conti also claims to have the source code for Shutterfly’s store, but it is unclear if the ransomware gang means Shutterfly.com or another website.

After contacting Shutterfly on Friday about the attack, BleepingComputer was sent a statement confirming the ransomware attack late Sunday night.

This statement, shown in its entirety below, says that the Shutterfly.com, Snapfish, TinyPrints, or Spoonflower sites were not affected by the attack. However, their corporate network, Lifetouch, BorrowLenses, and Groovebook had disrupted services.

“Shutterfly, LLC recently experienced a ransomware attack on parts of our network. This incident has not impacted our Shutterfly.com, Snapfish, TinyPrints or Spoonflower sites. However, portions of our Lifetouch and BorrowLenses business, Groovebook, manufacturing and some corporate systems have been experiencing interruptions. We engaged third-party cybersecurity experts, informed law enforcement, and have been working around the clock to address the incident.”

“As part of our ongoing investigation, we are also assessing the full scope of any data that may have been affected. We do not store credit card, financial account information or the Social Security numbers of our Shutterfly.com, Snapfish, Lifetouch, TinyPrints, BorrowLenses, or Spoonflower customers, and so none of that information was impacted in this incident. However, understanding the nature of the data that may have been affected is a key priority and that investigation is ongoing. We will continue to provide updates as appropriate.” – Shutterfly.

While Shutterfly states that no financial information was disclosed, BleepingComputer was told that one of the screenshots contains the last four digits of credit cards, so it is unclear if there is further, and more concerning, information stolen during the attack.

When BleepingComputer reached out to Shutterfly about the screenshot, they referred us back to the original statement.

The Conti ransomware gang

Conti is a ransomware operation believed to be operated by a Russian hacking group known for other notorious malware infections, such as Ryuk, TrickBot, and BazarLoader.

This operation runs as a Ransomware-as-a-Service, where the core team develops the ransomware, maintains payment and data leak sites, and negotiates with victims. They then recruit “affiliates” who breach the corporate network, steal data, and encrypt devices.

As part of this arrangement, ransom payments are split between the core group and the affiliate, with the affiliate usually receiving 70-80% of the total amount.

Conti commonly breaches a network after a corporate device becomes infected with the BazarLoader or TrickBot malware infections, which provide remote access to the hacking group.

Once they gain access to an internal system, they spread through the network, harvest data, and deploy the ransomware.

Conti is known for attacks on other high-profile organizations in the past, including Ireland’s Health Service Executive (HSE) and Department of Health (DoH), the City of Tulsa, Broward County Public Schools, and Advantech.

Due to increased activity by the cybercrime gang, the US government recently issued an advisory on Conti ransomware attacks.

Update 12/27/21: Updated with response about financial information in stolen data.
