Ransomware Attack On Shutterfly Affects Its Network Operations

Cybercriminals compromise some networks of photography company Shutterfly with ransomware. Security experts opine that the Conti ransomware group is responsible for the incident.

The U.S.-based photography company Shutterfly confirmed that it had sustained a ransomware attack affecting some of its services, making it the latest victim in a string of ransomware attacks. In an official release, the photography products and image sharing firm stated that the cybersecurity incident had affected some of its corporate systems and the operations of its Lifetouch, BorrowLenses, and Groovebook services. However, the attack has not impacted the Shutterfly.com, Snapfish, TinyPrints, and Spoonflower sites.

Damage Recovery

Shutterfly stated that it had notified law enforcement authorities of the security incident and engaged third-party cybersecurity experts to investigate the attack. The company also confirmed no impact on customers’ sensitive information.

“As part of our ongoing investigation, we are also assessing the full scope of any data that may have been affected. We do not store credit card, financial account information, or the Social Security numbers of our Shutterfly.com, Snapfish, Lifetouch, TinyPrints, BorrowLenses, or Spoonflower customers, and so none of that information was impacted in this incident. However, understanding the nature of the data that may have been affected is a key priority, and that investigation is ongoing. We will continue to provide updates as appropriate,” the release said.

Conti Ransomware Suspected

While the threat actors behind the ransomware attack are still unknown, several cybersecurity experts suspect the involvement of the Conti ransomware group. The Russia-based Conti group, which is behind several ransomware attacks, is making headlines more often with its double extortion techniques. Recently, the group abused the Log4j flaw (CVE-2021-44228) to gain access to internal VMware vCenter Server instances and encrypt vulnerable devices. Conti is the first sophisticated ransomware group to weaponize the Log4j vulnerability.

The Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), and the FBI alerted users and organizations about the rise of Conti ransomware attacks. To secure organizations’ critical systems against Conti ransomware, the agencies recommended security mitigations such as enabling multi-factor authentication, implementing network segmentation, and keeping operating systems and software up to date.