Posted on December 28, 2021 at 2:21 PM
Shutterfly, a digital photography studio, is the latest victim of a ransomware attack. The incident happened on Sunday, with the company confirming that a breach had happened.
The ransomware attack was first brought to light by Bleeping Computer. The publication noted that the company had been targeted by the Conti ransomware group. This is according to an inside source with knowledge of the matter.
Shutterfly reports ransomware attack
The digital photography studio confirmed the details of this attack. The company stated that the attack had affected parts of its operations. The affected parts included BorrowLenses and Lifetouch.
Other divisions affected during this attack included GrooveBook, the manufacturing division, and the firm’s corporate structures. Moreover, the company has stated that it has been in touch with law enforcement agencies and reported the breach.
The digital photography company has already hired a cybersecurity company to look into the incident. The cybersecurity company will assess the extent of the breach and understand the key data compromised by the attackers.
In the report, Shutterfly notes that “as part of our ongoing investigation, we are also assessing the full scope of any data that may have been affected. We do not store credit card, financial account information, or the Social Security numbers of our Shutterfly.com, Snapfish, Lifetouch, TinyPrints, BorrowLenses, or Spoonflower customers, and so none of that information was impacted in this incident.”
However, the firm notes that it is critical to understand the nature of the data affected during this breach. The company assured its customers that “understanding the nature of the data that may have been affected is a key priority and that investigation is ongoing. We will continue to provide updates as appropriate.”
The company also assured its customers that the breach had not affected all its divisions. It noted that the only divisions not affected were Spoonflower, TinyPrints.com, Snapfish.com and Shutterfly.com.
The report from Bleeping Computer noted that some of the crucial details that the Conti ransomware group had obtained during the breach were already being leaked on the internet. The group posted these details on a leak site.
Bleeping Computer further noted that the breach happened around two weeks ago. The breach resulted in a ransom demand that ran into the millions. Therefore, the leaking of part of the data obtained could show that Shutterfly is yet to comply with the ransom demands.
Conti ransomware group seeking to expand
The Conti ransomware group is one of the most dreaded attackers in the cybersecurity space. Last week, research conducted by Advanced Intelligence, a cybersecurity firm, noted that the Conti ransomware group was exploiting the VMware vCenter Server. The group was exploiting this server through vulnerabilities in Log4j.
The report from Advanced Intelligence also stated that it had discovered several members of this ransomware group discussing ways of exploiting the Log4j vulnerability. This makes it the first time a threat actor group has been seen discussing ways of weaponizing the Log4j vulnerability.
The cybersecurity company also noted that the exploitation of this vulnerability had already entered into the testing phase, as the ransomware group looked into multiple possibilities. The report noted that the exploitation contributed to “multiple use cases through which the Conti group tested the possibilities of utilizing the Log4J2 exploit.”
Advanced Intelligence also pointed to its research on the amount the Conti ransomware group had made. The data showed that the group had made more than $150 million in the past six months.
The group started looking actively into Log4J on November 1. This was when the group started looking for new attack vectors. For the entire month of November, the ransomware group configured its infrastructure as it sought expansion. By December 12, the group had picked Log4Shell as one of the vulnerabilities to exploit. In the middle of this month, the group started targeted attacks on vCenter networks for lateral movement.
The group’s persistence in its ransomware attacks has attracted the attention of the FBI and CISA. In September, the two bodies stated that they had recorded over 400 attacks linked to the Conti ransomware group. The attacks targeted companies in the US and globally. The FBI noted that Conti is linked to ransomware attacks on at least 290 companies in the US.
The group is also known for launching attacks on healthcare facilities. On May 14 this year, the group planned to launch a ransomware attack on Ireland’s Health Service Executive. It has also launched a series of attacks on schools and government agencies.