Blue Yonder says some customers restored as ransomware gang boasts of attack

Avatar

Panasonic-owned software giant Blue Yonder said several of its customers’ systems are back up and running, as the gang allegedly behind the incident came forward on Friday to boast about troves of stolen data.

A Blue Yonder spokesperson declined to speak about the claims made by the Termite ransomware gang or whether a ransom had been issued but said the company is “making good progress” in recovering from the cyberattack that was initially announced ahead of the Thanksgiving holiday on November 21.

“Several of our impacted customers have been brought back online, and we are actively working directly with others to return them to normal business operations,” the spokesperson said.

“Blue Yonder has been working diligently together with external cybersecurity firms and hardened our defensive and forensic protocols.”

The company — which has been at the center of supply chain and operational issues for supermarkets, manufacturers and even companies like Starbucks — published a similar statement last weekend. 

On Friday, the Termite gang claimed it stole 680 GB of data that includes emails, insurance documents, company data and more. 

Cybersecurity expert Valéry Rieß-Marchive noted that the gang has been active since April and previously took credit for an attack on the government of French island nation Réunion. Termite has listed several victims across the world, many of which have not confirmed whether they have been attacked.

Some ransomware researchers have tied the code used by the gang to the Babuk ransomware family. Last week cybersecurity firm Trend Micro said there are still errors in the malware that the group is working out.

At least one security firm said Blue Yonder had been attacked by another ransomware gang in 2021. 

The company was acquired by Panasonic in 2021 for about $8.5 billion and provides systems for fulfillment, delivery and returns for more than 3,000 major companies across 76 countries.

IndustryCybercrimeNews
Get more insights with the

Recorded Future

Intelligence Cloud.

Learn more.

No previous article

No new articles

Jonathan Greig

is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.

 

Total
0
Shares
Previous Post

FSB Uses Trojan App to Monitor Russian Programmer Accused of Supporting Ukraine

Next Post

Another teenage hacker charged as feds continue Scattered Spider crackdown

Related Posts

Protecting Tomorrow’s World: Shaping the Cyber-Physical Future

The lines between digital and physical realms increasingly blur. While this opens countless opportunities for businesses, it also brings numerous challenges. In our recent webinar, Shaping the Cyber-Physical Future: Trends, Challenges, and Opportunities for 2025, we explored the different factors shaping the cyber-physical future. In an insightful conversation with industry experts, we discussed
Avatar
Read More

PyPI Python Library “aiocpa” Found Exfiltrating Crypto Keys via Telegram Bot

The administrators of the Python Package Index (PyPI) repository have quarantined the package "aiocpa" following a new update that included malicious code to exfiltrate private keys via Telegram. The package in question is described as a synchronous and asynchronous Crypto Pay API client. The package, originally released in September 2024, has been downloaded 12,100 times to date. By putting the
Avatar
Read More