Ransomware attack on supply chain vendor causes disruption

Major grocery store chains, Starbucks and other large organizations are experiencing disruption following a ransomware attack on a key provider of supply chain management software.

See also: Prepare for new cybersecurity reporting requirements

The affected service provider, Blue Yonder, first notified its customers of the attack on Friday, reporting that the day before it had begun experiencing “disruptions in its hosted managed services environment, which were determined to be the result of a ransomware incident.”

Blue Yonder is a Scottsdale, Arizona-based independent software vendor and consulting firm that provides supply chain management products and services to businesses. The company’s offerings include inventory management and distribution systems, as well as generative artificial intelligence tools designed to streamline existing supply chains.

In a series of breach updates, the company said its response team is “working around the clock to respond to this incident and continues to make progress,” but offered no timetable for restoring services.

“Since becoming aware of the incident, the Blue Yonder team has worked diligently with external cybersecurity firms to progress their recovery process. We have implemented several defensive and forensic protocols” , indicates the press release. “Experts, along with the Blue Yonder team, are working on several recovery strategies and the investigation is ongoing. At this time, we do not have a timeline for restoration.”

The company said its investigation so far found that Blue Yonder’s Azure public cloud environment did not appear to have been breached by attackers.

One of the organizations affected by the outage is Starbucks, which said it made it difficult to track hours worked by its baristas in its 11,000 North American stores, as reported by the Wall Street Journal. reported.

A Starbucks spokeswoman told Information Security Media Group that the outage did not affect the company’s ability to serve its customers, but disrupted access to the back-end system that employees use to view and manage their schedules, as well as record hours, and said stores use backups. process in the meantime. She said the company will need to reconcile the actual hours worked by baristas and will ensure employees receive the correct pay as quickly as possible.

Two of Britain’s “big four” food retail chains, Morrisons and Sainsbury’s, also reported their operations were affected by the Blue Yonder service outage.

Sainsbury’s, which has 600 supermarkets and more than 800 convenience stores and also owns consumer goods retailer Argos, said its operations had been affected and that it had “contingency processes” in place.

Morrisons, which operates 500 stores in England, Wales and Scotland, also confirmed it had been disrupted. “Last week, Blue Yonder experienced an outage which impacted our warehouse management systems for produce and fresh produce,” Morrisons told ISMG in a statement. “Ambient and frozen foods are not affected. We are currently operating on our backup systems and working very hard to deliver to our customers across the country.”

The disruptions come as Black Friday approaches on November 29, an annual marketing event linked to sales scheduled for the day after the Thanksgiving holiday in the United States, although many retailers in the United States and abroad are beginning their respective promotions earlier.

Blue Yonder did not specify which of its customers are affected by the outage, and the company did not immediately respond to a request for comment. The company’s website says its clients also include BJ’s Wholesale Club, Crate & Barrel, PepsiCo’s Latin America operations, Unilever Brazil, Kmart Australia and the United States Agency for International Development, aka USAID. Our other clients include the two largest supermarket operators in the United States: Krogerwhich manages brands such as Ralphs, Dillons, Smith’s and Fred Meyer; And Albertsonwhich also operates stores under the names of other brands, including Safeway, Jewel-Osco and Shaw’s.