Supply Chains in the News Once Again as Ransomware Attack on Blue Yonder Disrupts Retail Clients

Dec 4, 2024

Blue Yonder is hardly a household name, but it’s very familiar to those who manage logistics and employees in the grocery and retail space. The company provides supply chain software to many household name brands, software that went offline for an extended period due to a late November ransomware attack.

Fortunately the story did not end the way so many supply chain attacks have in recent years, that is to say with massive downstream breaches of clients. The damage appears to be limited to business disruptions, but a lot about the event has yet to be disclosed to the public.

Latest supply chain attack hits grocers, Starbucks and Walgreens

The Blue Yonder breach has not yet resulted in any reported follow-on breaches of its clients, but extended lack of access to the supply chain software is causing them assorted problems. Starbucks has been one of the most forthcoming companies in terms of what it is experiencing so far, stating that it has caused a variety of inventory-related problems and that it has also shut down the system needed to track employee hours and issue paychecks. Fortunately, the company seems to have a backup manual process to ensure employees get their pay.

Switching to backup systems and old manual ways of doing things is a common theme as Blue Yonder struggles to restore function after the ransomware attack. Another of the victims is major UK grocery chain Morrisons, which has cautioned customers that there might be some gaps on shelves for a time as the outage of the supply chain software has scrambled its usual restocking procedure.

It is still unknown who is behind the ransomware attack. Blue Yonder appears to have communicated privately with whoever it was and opted not to pay a ransom, but has not been forthcoming about who they dealt with. There is also not yet any known word from underground forums.

The holiday season is typically a busy one for profit-minded hackers, though retail is usually much more targeted during this period than grocery stores. But attackers appear to be operating under the assumption that these stores will feel more pressure to pay during the very busy season if it could mean loss of sales from inventory problems, as the situation with Morrisons demonstrates.

Warehouses and scheduling in chaos at Fortune 500s after ransomware attack

“Upstream” breaches in the supply chain are becoming something of a favorite for hackers, for obvious reasons. In this case, the ransomware attack did not yield downstream access to the clients (at least as far as we know at present). But that is usually the goal, as numerous high-profile attacks in the last few years have demonstrated.

Blue Yonder has a total of about 3,000 clients across 76 countries, and quite a few of these are Fortune 500 firms. The company’s last update on the ransomware attack was on November 24, when it indicated it had brought in third-party forensic and recovery help and was working “around the clock” but had no firm timetable for the full restoration of its supply chain software.

Organizations that take cybersecurity seriously are likely well aware of the potential supply chain threat already, but this case highlights a wrinkle that isn’t seen as often: dependence on cloud- or subscription-based software that could cause serious business disruption if taken out by a ransomware attack. At minimum it highlights the need for solid contingency plans, especially during busy seasons, but might also prompt consideration of certain security upgrades such as segmentation. It might also be a good reminder to review incident response plans and ensure that they are current.
