Shutterfly, an American photo gift maker, has suffered a ransomware attack. The attackers allegedly encrypted more than 4,000 devices and 120 VMware ESXi servers, and also stole corporate data.
According to sources, Shutterfly has been attacked using the ransomware Conti. The group is in talks with the company and is demanding millions of dollars in ransom. As part of a double-extortion tactic, Conti created a private Shutterfly data breach page containing screenshots of data allegedly stolen from the company. Attackers threaten to make this page public if the ransom is not paid.
The screenshots show legal agreements, bank and merchant account information, corporate logon credentials, spreadsheets, and customer information, including the last four digits of credit cards. Conti members claim they have access to the source code for Shutterfly's store, but it is not known whether the store in question is Shutterfly.com or another site.
“Shutterfly, LLC recently experienced a ransomware attack on parts of our network. This incident has not impacted our Shutterfly.com, Snapfish, TinyPrints, or Spoonflower sites. However, portions of our Lifetouch and BorrowLenses business, Groovebook, manufacturing, and some corporate systems have been experiencing interruptions. We engaged third-party cybersecurity experts, informed law enforcement, and have been working around the clock to address the incident. As part of our ongoing investigation, we are also assessing the full scope of any data that may have been affected. We do not store credit card, financial account information, or the Social Security numbers of our Shutterfly.com, Snapfish, Lifetouch, TinyPrints, BorrowLenses, or Spoonflower customers, and so none of that information was impacted in this incident. However, understanding the nature of the data that may have been affected is a key priority and that investigation is ongoing. We will continue to provide updates as appropriate,” the Shutterfly statement reads.
As part of its ongoing investigation, the company is also assessing the full scope of any data that may have been affected. Shutterfly says that it does not store credit card, financial account, or Social Security number information for Shutterfly.com, Snapfish, Lifetouch, TinyPrints, BorrowLenses, or Spoonflower customers, so this information was not affected by the incident.
While Shutterfly says no financial information has been disclosed, one of the screenshots contains the last four digits of credit cards. It is therefore unclear whether more important information was stolen by the attackers during the attack.
Conti is known for attacks on other high-profile organizations in the past, including Ireland’s Health Service Executive (HSE) and Department of Health (DoH), the City of Tulsa, Broward County Public Schools, and Advantech. Due to the increased activity by the cybercrime gang, the US government recently issued an advisory on Conti ransomware attacks.