California-based photography and image sharing company Shutterfly LLC has been targeted in a ransomware attack.
Last Friday, a source informed BleepingComputer that Shutterfly had been targeted by the Conti cybercriminal group in a ransomware attack. The Conti group claimed to have encrypted over 4,000 devices and 120 VMware ESXi servers.
Moreover, Conti set up a web page with screenshots of files allegedly stolen from Shutterfly and threatened to make the page public if the ransom was not paid.
Shutterfly released a press release acknowledging the incident on December 26, 2021:
“Shutterfly, LLC recently experienced a ransomware attack on parts of our network. This incident has not impacted our Shutterfly.com, Snapfish, TinyPrints or Spoonflower sites. However, portions of our Lifetouch and BorrowLenses business, Groovebook, manufacturing and some corporate systems have been experiencing interruptions. We engaged third-party cybersecurity experts, informed law enforcement, and have been working around the clock to address the incident.
“As part of our ongoing investigation, we are also assessing the full scope of any data that may have been affected. We do not store credit card, financial account information or the Social Security numbers of our Shutterfly.com, Snapfish, Lifetouch, TinyPrints, BorrowLenses, or Spoonflower customers, and so none of that information was impacted in this incident. However, understanding the nature of the data that may have been affected is a key priority and that investigation is ongoing. We will continue to provide updates as appropriate.”
Shutterfly LLC
The company did not confirm the types of data that may have been stolen by the hackers. However, some sources told BleepingComputer that the stolen data may have included “legal agreements, bank and merchant account info, login credentials for corporate services, spreadsheets” and possibly even some personal data, including the last four digits of payment card numbers.
Just last May, the Federal Bureau of Investigation (FBI) had identified at least 16 Conti ransomware attacks targeting healthcare and first responder networks in the United States.
In those attacks, the Conti actors often used readily available tools, such as Windows Sysinternals and Mimikatz, to escalate privileges and move laterally through the victim’s network. After exfiltrating data, the actors then compromise and encrypt systems.
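As an added illustration, not from the article or the FBI report it cites, the following detection sketch targets the tool chain described above: it flags Mimikatz module syntax in process command lines and a PsExec launch from a host that recently dumped credentials, confirmed by the PSEXESVC service starting on the target. The event records, hostnames and file paths are constructed sample data.

```python
from datetime import datetime, timedelta

# Constructed Sysmon-style process-creation events (not from the article), oldest first.
EVENTS = [
    {"ts": "2021-12-24T01:00:05", "host": "WS-17",
     "image": r"C:\Users\jdoe\Downloads\mk.exe",
     "cmdline": "mk.exe privilege::debug sekurlsa::logonpasswords exit"},
    {"ts": "2021-12-24T01:03:40", "host": "WS-17",
     "image": r"C:\Tools\PsExec.exe",
     "cmdline": r"PsExec.exe \\FS-02 -s cmd.exe"},
    {"ts": "2021-12-24T01:03:41", "host": "FS-02",
     "image": r"C:\Windows\PSEXESVC.exe", "cmdline": "PSEXESVC.exe"},
    {"ts": "2021-12-24T09:15:00", "host": "WS-03",
     "image": r"C:\Tools\PsExec.exe",
     "cmdline": r"PsExec.exe \\WS-04 ipconfig"},
]

# Mimikatz module syntax survives renaming of the binary (mk.exe above).
MIMIKATZ_MARKERS = ("sekurlsa::", "lsadump::", "privilege::debug", "mimikatz")

def _ts(e):
    return datetime.fromisoformat(e["ts"])

def credential_dumps(events):
    """Map host -> time of the first command line carrying Mimikatz module syntax."""
    found = {}
    for e in events:
        if any(m in e["cmdline"].lower() for m in MIMIKATZ_MARKERS):
            found.setdefault(e["host"], _ts(e))
    return found

def lateral_moves(events, window=timedelta(hours=2)):
    """(source, target) pairs where PsExec runs from a host that dumped
    credentials within `window` and PSEXESVC then starts on the target."""
    dumps = credential_dumps(events)
    svc_starts = [(e["host"], _ts(e)) for e in events
                  if "psexesvc" in e["image"].lower()]
    moves = []
    for e in events:
        cmd = e["cmdline"]
        if "psexec" not in e["image"].lower() or "\\\\" not in cmd:
            continue
        target = cmd.split("\\\\", 1)[1].split()[0]   # host after the \\ prefix
        src, t = e["host"], _ts(e)
        dumped = src in dumps and timedelta(0) <= t - dumps[src] <= window
        confirmed = any(h == target and abs(st - t) <= timedelta(minutes=1)
                        for h, st in svc_starts)
        if dumped and confirmed:
            moves.append((src, target))
    return moves
```

The lone PsExec run from WS-03 is not flagged because no credential dump preceded it; the chain from WS-17 to FS-02 is.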