Ransomware attack on Blue Yonder hits Starbucks, grocery stores across the world

(Image credit: Avast)

Blue Yonder confirmed suffering a ransomware attack
Several of its customers came forward, saying they were affected, too
At press time, the company was still working on restoring services

Supply chain management giant Blue Yonder has confirmed suffering a ransomware attack that greatly disrupted its services - and as a result, many of its customers have also had trouble operating.

A short announcement published on the company’s website on November 22 said a day before, it HAD “experienced disruptions to its managed services hosted environment”. Subsequent investigation confirmed that it was a ransomware attack.

“Since learning of the incident, the Blue Yonder team has been working diligently together with external cybersecurity firms to make progress in their recovery process. We have implemented several defensive and forensic protocols,” the announcement reads. “With respect to the Blue Yonder Azure public cloud environment, we are actively monitoring and currently do not see any suspicious activity.”

Hitting Starbucks

Newer updates do not share any meaningful information, however multiple media publications have uncovered how the attack affected the company’s clients.

Blue Yonder is a leading supply chain management, logistics, and retail software company that uses AI and machine learning to optimize operations and improve decision-making. According to BleepingComputer, it has more than 3,000 clients around the world, including some of the biggest names out there - Coca-Cola Beverages Florida, Kimberly-Clark, and Bayer.

As per a CNN report, Starbucks is one of the companies feeling the effects of the ransomware attack. Allegedly, the coffee chain uses Blue Yonder to track and manage its baristas’ schedules. Furthermore, two of the four biggest grocery chains in the UK - Morrisons, and Sainsbury, also confirmed being affected by the attack.

At press time, Blue Yonder was still working on restoring its services. So far, no threat actors have come forward to claim responsibility for the attack, so we don’t know who the attackers were, or how much money they are asking in exchange for the decryption key. Finally, we don’t know if Blue Yonder lost any company, or customer data in the process.

One of the nastiest ransomware groups around may have a whole new way of doing things
Here's a list of the best firewalls today
These are the best endpoint protection tools right now

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.