9 days since Blue Yonder SaaS ransomware incident began, 6 days since the last comms saying no ETA to recovery.
Kevin Beaumont (gossithedog@cyberplace.social)'s status on Saturday, 30-Nov-2024 02:54:40 JST Kevin Beaumont
Kevin Beaumont (gossithedog@cyberplace.social)'s status on Monday, 02-Dec-2024 21:15:28 JST Kevin Beaumont
Blue Yonder just gave their first update in 8 days, saying “several” impacted customers are back online.
Kevin Beaumont (gossithedog@cyberplace.social)'s status on Thursday, 05-Dec-2024 23:35:37 JST Kevin Beaumont
It's now two weeks to the day since SaaS provider Blue Yonder got hit with ransomware. Their customer update page, which is not indexed on Google, has not been updated for 5 days.
Kevin Beaumont (gossithedog@cyberplace.social)'s status on Friday, 06-Dec-2024 21:18:34 JST Kevin Beaumont
Termite ransomware group just claimed Blue Yonder. "Our team got 680gb of data such as DB dumps Email lists for future attacks (over 16000) Documents (over 200000) Reports Insurance documents. Check for updates. Data links will be available soon."
Kevin Beaumont (gossithedog@cyberplace.social)'s status on Friday, 06-Dec-2024 21:28:35 JST Kevin Beaumont
If anybody is wondering, Termite ransomware = operators from another two prior groups, the brand launched last month. They use a variant of Babuk to encrypt ESXi via vCenter. #threatintel #ransomware
Kevin Beaumont (gossithedog@cyberplace.social)'s status on Sunday, 08-Dec-2024 03:37:57 JST Kevin Beaumont
Blue Yonder’s legal team would like you to know nothing #threatintel #ransomware
Kevin Beaumont (gossithedog@cyberplace.social)'s status on Friday, 13-Dec-2024 09:03:18 JST Kevin Beaumont
Blue Yonder update, they say a significant majority of customers have service restored after 23 days, and they’re working with the rest. #threatintel #ransomware
Kevin Beaumont (gossithedog@cyberplace.social)'s status on Monday, 16-Dec-2024 01:44:14 JST Kevin Beaumont
Termite ransomware group appear to have quietly published some Blue Yonder content, on 13th December.
Kevin Beaumont (gossithedog@cyberplace.social)'s status on Wednesday, 18-Dec-2024 04:05:59 JST Kevin Beaumont
Termite ransomware group's download site has mysteriously been offline for several days.
Kevin Beaumont (gossithedog@cyberplace.social)'s status on Tuesday, 24-Dec-2024 01:55:41 JST Kevin Beaumont
The Termite download site is back up. In terms of Blue Yonder, there's 220k files for download across about 700gb of data.
Kevin Beaumont (gossithedog@cyberplace.social)'s status on Friday, 03-Jan-2025 02:04:52 JST Kevin Beaumont
I think kudos to Blue Yonder, they clearly haven't paid the Termite ransomware group extortion attempt as the data is still sat there.
My view in these things is don't pay as aside from the obvious, the data will disappear anyway -- ransomware groups can't afford to keep it online for long. Also, it gives you the option of downloading a free backup of your own data.
Their last update is December 12th.