Shutterfly services have been widely reported to have been hit with Conti ransomware. The company is famous for photo sharing and photo editing.
Many people do not realize how many different services Shutterfly operates, and that those services have been disrupted by the Conti ransomware group, which has become a prolific ransomware group these days. Conti has been hitting a lot of companies recently, ever since REvil and DarkSide, DarkMatter, whatever you want to call them, folded up and left the scene. Those cybercriminals have had a lot of pressure put on them, both politically abroad and from law enforcement in their own countries. Now you see this group Conti coming out hard, and this is one of the things I've talked about for a long time now: it doesn't matter that we take out one or two ransomware groups. There are enough of these guys, and there's enough money to be made, that "future cybercriminals" are willing to learn how to do this hacking and ransomware stuff.
It's very attractive right now. You can basically operate from anywhere in the world. Right now, it seems like a lot of the cyber-attacks we're seeing come out of mainly two or three countries. That's not always going to be the case, in my opinion. I think we will see other countries start getting involved in this type of criminal activity. As Africa gains more high-speed internet access and gets more people online, these developing countries should be a concern for cyber defenders. People there will probably want to get rich off of something that they know. We're far from stopping ransomware, and we're far from seeing all the people who will get involved in this game. We have a long row to hoe ahead of us. That's why it's essential to start implementing a cybersecurity framework now, because this isn't going away, and this isn't going to be a flash-in-the-pan type of thing.
Shutterfly suffers a Conti ransomware attack. On Friday, a source told Bleeping Computer that Shutterfly suffered a ransomware attack approximately two weeks ago by the Conti gang. The prolific ransomware group claims to have encrypted over 4,000 devices and 120 VMware ESXi servers. ESXi is VMware's hypervisor operating system, the layer that allows you to run virtual servers, so encrypting an ESXi host takes down every virtual machine on it at once. We are told that negotiations over the attack are in progress and that the ransomware gang is demanding millions of dollars as a ransom, which is not a surprise to me, given that this is Shutterfly. Before ransomware gangs encrypt devices on corporate networks, they commonly work inside for days, if not weeks, stealing corporate data and documents and gathering intelligence to use as leverage in their ransom negotiations.
Conti has its infamous leak page out on the dark web. They publicly shame the company to pressure it into negotiating and paying. This has been going on for some time now at Shutterfly, and it hasn't affected a lot of their operations, but it has affected other companies that they work with.
Conti is a ransomware operation believed to be run out of Russia and known for its ties to other notorious malware, such as Ryuk, Trickbot, and BazarLoader. These were all very successful and very well-known malware and botnet-type services. Conti runs as a ransomware-as-a-service, where the core team develops the ransomware, maintains the payment and data leak sites, and negotiates with the victims.
They then recruit affiliates who breach the corporate network, steal the data, and encrypt devices. In many cases these are strangers operating as a team: one group gains access to the network, and then the experts who are good at the ransomware side of things handle deployment, negotiations, decryption, getting paid, and paying the people who gained access to the networks, AKA their affiliates. All of this activity goes on in the cyber-criminal ecosystem on the dark web.
Big update here with Shutterfly. Unfortunately, they were hit with a ransomware attack in the middle of December. It's still ongoing towards the end of the year, affecting many of their companies.
The Shutterfly properties that have not been impacted are Shutterfly.com, Snapfish, Tiny Prints, and Spoonflower. The ones that have been impacted are Lifetouch, the BorrowLenses business, Groovebook, manufacturing, and some corporate systems, all of which have been experiencing interruptions. Shutterfly is working with third-party cybersecurity experts on the incident response and probably the ransomware negotiations.
There is a lot to learn from this cyberattack on Shutterfly. If you have any questions or need help dealing with ransomware or the Conti ransomware group, please contact us.