Ransomware Attack Disrupts Shutterfly Services
The Cyberattack Allegedly Resulted in Thousands of Devices Being Encrypted.
Shutterfly, the American-based company specialized in photography, photography-related products, and image sharing, was impacted by a ransomware attack, a company’s statement says. It seems that the Conti group is behind it, as reported by BleepingComputer on Monday. Allegedly, hackers behind this known ransomware strain managed to encrypt thousands of devices and also to perform corporate data theft.
Shutterfly Services Hit by Conti: More Details
According to BleepingComputer, the gang behind Conti claimed to have performed encryption on more than 4000 devices along with 120 VMware ESXi servers, the negotiations reportedly being in progress, as the Conti group apparently is asking for a ransom amounting to millions of dollars.
The company published a statement on Sunday on their website regarding this attack impacting Shutterfly services:
Shutterfly, LLC recently experienced a ransomware attack on parts of our network. This incident has not impacted our Shutterfly.com, Snapfish, TinyPrints or Spoonflower sites. However, portions of our Lifetouch and BorrowLenses business, Groovebook, manufacturing and some corporate systems have been experiencing interruptions. We engaged third-party cybersecurity experts, informed law enforcement, and have been working around the clock to address the incident.
As part of our ongoing investigation, we are also assessing the full scope of any data that may have been affected. We do not store credit card, financial account information or the Social Security numbers of our Shutterfly.com, Snapfish, Lifetouch, TinyPrints, BorrowLenses, or Spoonflower customers, and so none of that information was impacted in this incident. However, understanding the nature of the data that may have been affected is a key priority and that investigation is ongoing. We will continue to provide updates as appropriate.
The enterprise mentioned in the released statement that this attack did not involve any disclosure of financial data.
How Conti Led the Shutterfly Attack
Reportedly, a private data leakage Shutterfly page was created by the Conti group where screenshots of the allegedly stolen files can be found, this method supporting a double extortion technique. It seems that the cybercriminals threaten to make this page containing the critical data public if the requested ransom is not paid.
According to what has been told to BleepingComputer by a source, the screenshots published there contain legal agreements, bank account data, login credentials related to corporate services, spreadsheets, and some customer data.
The Conti group also claimed to be in the possession of the Shutterfly store’s source code, however, if they refer to the Shutterfly.com website or to another website is for the moment unclear.
What Is Conti Ransomware?
Conti Ransomware is a popular cybercrime group, known for operating as a ransomware-as-a-service program, this means that the core team of developers has the role to perform ransomware deployment, payment and data leakage websites maintenance, and also lead the negotiations with the victims. In this type of program, affiliates are recruited, engaging in breaching the network, stealing critical info, and then encrypting devices. This gang is being thought to be led by a Russia-based group.
Usually, Conti leads phishing attacks to eventually deploy the TrickBot and BazarLoader trojans, a thing that helps cybercriminals achieve remote access to the compromised machines. Besides encrypting data, they also make use of double extortion methods, this meaning that before encrypting files, critical information is exfiltrated in order to blackmail the target to pay the ransom, otherwise, the private information will become public.
Because the Conti group’s activity has increased, the US government also issued an advisory in relation to the Conti attacks.
How Can Heimdal™ Help?
Due to the huge growth of ransomware attacks nowadays, a company needs efficient security solutions to be a step ahead of hackers. Use our Ransomware Encryption Protection Tool, a 100% signature-free solution, that keeps malicious encryptions away and works with any antivirus.