It Seems that Conti Ransomware Was Behind the Attack.
Last updated on March 30, 2022
Conti ransomware is extremely damaging because of the speed with which it encrypts data and spreads to other systems. The cyber-crime operation is thought to be led by a Russia-based group that goes by the pseudonym Wizard Spider.
The group uses phishing attacks to install the TrickBot and BazarLoader Trojans, which give it remote access to the infected machines.
Employee information was exposed as threat actors seized data during a Conti ransomware attack on the online retail and image production platform Shutterfly, according to the company’s announcement of a data breach.
Shutterfly provides photography-related services to individuals, businesses, and educational institutions via a variety of brands, including Shutterfly.com, BorrowLenses, GrooveBook, Snapfish, and Lifetouch. Shutterfly is headquartered in San Francisco, California.
Shutterfly said today that its network was infiltrated on December 3rd, 2021, as a result of a ransomware assault on the company’s servers.
During ransomware attacks, threat actors acquire access to a company’s network and steal data and files as the malware spreads across the network. They use their ransomware, which they install on all network devices, to encrypt all data after they have gained access to a Windows domain controller and harvested all valuable data.
A data breach statement from Shutterfly said that the Conti threat actor launched the ransomware on December 13th, 2020. This was the date on which the organization became aware that they had been affected.
The attacker both locked up some of our systems and accessed some of the data on those systems. This included access to personal information of certain people, including you.
The initial data breach letter issued by Shutterfly, Inc. can be read below:
We are writing to inform you of a data security incident at Shutterfly that may involve some of your personal information.
An unauthorized third party gained access to our network. This was what is known as a “ransomware” attack. The attacker both locked up some of our systems and accessed some of the data on those systems. This included access to personal information of certain people, including you. We believe the access occurred on or about December 3, 2021. We discovered the incident on December 13, 2021.
What Information Was Involved?
Some of your personal data was among the data affected. This may have included your name and: . In addition, due to the nature of the documents accessed, other employment related information may have been taken, such as salary and compensation information, or information related to FMLA leave or workers’ compensation claims.
What We Are Doing
We quickly took steps to restore and secure our systems. We brought in outside cybersecurity experts. We are continuing to investigate, with their help. We continue to focus on improving our security based on what we learn. We have notified law enforcement.
We are offering you two years of credit monitoring for free from Equifax. To take advantage of this offer see the included instructions.
What You Can Do
We strongly encourage you to contact Equifax and take advantage of the two years of free service. Carefully review your accounts for any suspicious activity and remain vigilant. You may wish to change the password and security questions associated with your online accounts. If you see suspicious activity, notify the organization where you hold the account. Also notify any relevant government agency, such as the IRS, the Social Security Administration, or state DMV.
Attached to this letter are helpful resources on how to protect your personal information.
For More Information
Keeping your personal data secure is important to us, and we regret the understandable concern this incident has created. If you have any questions, call 1-866-389-3602, 9:00AM – 9:00PM Monday through Friday and 9:00 AM – 6:00 PM Saturday and Sunday Eastern.
Shutterfly is offering two years of free credit monitoring from Equifax for those affected.
How Can Heimdal™ Help?
Prevention is the best cybersecurity strategy that will protect your valuable assets in the first place. That is why your company needs efficient cybersecurity solutions like Heimdal Ransomware Encryption Protection which keeps ransomware encryption attempts away and thus protects you against data loss and data exfiltration.