A ransomware attack against a supply chain manager has snarled payroll and scheduling services for prominent international companies, including Starbucks and one of Britain’s largest grocery store chains.
Blue Yonder is an Arizona-based company that provides software for thousands of companies to manage their supply chains from planning to fulfillment and delivery. Last week, the company “experienced disruptions to its managed services hosted environment, which was determined to be the result of a ransomware incident,” Blue Yonder said in a statement. The company said it had enlisted the help of outside cybersecurity firms, but its system remains stymied.
“The Blue Yonder team is working around the clock to respond to this incident and continues to make progress,” the company said in its latest update released on Sunday, adding that it did not have a timeline for restoring services. Blue Yonder did not immediately respond to a request for comment.
Founded in 1985 and billing itself as a “world leader in digital supply chain transformation,” Blue Yonder says it has over 3,000 clients who rely on its digital, A.I.-driven programming to manage their day-to-day business, including payroll, forecasting and supply chain management. The company has not detailed which of its clients or services have been impacted by the attack.
The ransomware attack has forced Starbucks stores to manage employee schedules the old-fashioned way, with pen and paper, and disrupted the coffee chain’s ability to pay staff, The Wall Street Journal reported. Around 11,000 stores in North America have reportedly been affected. Jaci Anderson, a spokeswoman for Starbucks, said in an email that the company would make sure all employees were paid for all hours worked. She added that customers were still being served as usual, and the outage did not affect them.
Morrisons, one of Britain’s largest grocery chains, confirmed that the cyberattack had upended the company’s warehouse management system, for fresh produce. Morrisons is one of several large retailers that use Blue Yonder’s software, including Sainsbury’s, another U.K.-based grocery chain.
Ransomware attacks have been on the rise, and experts warn they’re growing more serious. The cybercrime involves hackers gaining access to internal systems and locking up information until the owner or company pays for the release. Victims expand far beyond large multinational corporations — hackers have disrupted hospital systems and government agencies.
“We were getting five major ones a year back in 2011, now we’re getting 20, 25 major ones a day,” David Hall, a professor of criminology at Leeds University, said of broader ransomware attacks.
Advances in technology have raised the stakes in such attacks, particularly when it comes to third-party service providers like Blue Yonder. Intruding into those systems not only gives hackers access to the targeted company, Mr. Hall said, but also disrupts the day-to-day business of its clients.
Navigating these sorts of major ransomware attacks can be challenging, Mr. Hall said. In the Blue Yonder attack, it did not yet appear that any group had taken credit for the hack, which was uncommon given the length of time since the initial intrusion, he said.
The post Starbucks Among Companies Affected by Ransomware Attack appeared first on New York Times.
