New Termite Ransomware Linked to Blue Yonder Attack

Published:

spot_img

Emergence of Termite Ransomware: A Growing Threat to Supply Chains

New Ransomware Group “Termite” Targets Blue Yonder, Disrupts Supply Chain Operations

Last month, a significant ransomware attack on the supply chain management platform Blue Yonder has been linked to a newly emerged group known as "Termite." This cyber assault has severely impacted several downstream customers, particularly in the retail and manufacturing sectors, prompting Blue Yonder to work diligently to restore services.

According to researchers at Cyble, the Termite ransomware is essentially a rebranding of the infamous Babuk ransomware. So far, the group has claimed seven victims across multiple countries, including two each in the U.S. and France, and one each in Oman, Germany, and Canada. The attack highlights a growing trend of ransomware targeting supply chains, which can disrupt numerous businesses simultaneously.

Cyble’s analysis of the Termite ransomware reveals sophisticated tactics designed to maximize damage. Upon execution, the malware employs a method to ensure it is one of the last processes to be terminated during a system shutdown, allowing it ample time to encrypt files. It also disables critical services and deletes backup processes to hinder recovery efforts.

The ransomware’s malicious code further erases all Shadow Copies and empties the recycling bin, making file recovery nearly impossible. Victims are then directed to an onion site via a ransom note, where they are likely instructed on how to pay the ransom.

Cyble researchers warn that Termite represents a "new and growing threat" in the cyber landscape, employing advanced tactics such as double extortion to enhance its impact. This incident serves as a stark reminder of the vulnerabilities within software supply chains and the urgent need for robust cybersecurity measures to combat evolving threats.

spot_img

Related articles

Recent articles

Dutch Police Investigate Vishing Call as Key Lead in Odido Cyberattack Exposing 6.39 Million Customers

Dutch Police Investigate Vishing Call as Key Lead in Odido Cyberattack Exposing 6.39 Million Customers The recent cyberattack on Odido, a major Dutch telecom provider,...

Cybersecurity Researchers Uncover “Ghostcommit”: A New Image-Based Attack Manipulating AI to Steal Sensitive Data

Cybersecurity Researchers Uncover "Ghostcommit": A New Image-Based Attack Manipulating AI to Steal Sensitive Data Cybersecurity researchers have identified a sophisticated supply chain attack technique dubbed...

Irvinder Singh Lail Appointed to Strengthen J.S. Held’s Global Capability Leadership

Irvinder Singh Lail Appointed to Strengthen J.S. Held's Global Capability Leadership In a significant move for the global consulting landscape, J.S. Held has appointed Irvinder...

From 17,000 to 1.1 Million Assets: Lumen Technologies Strengthens Exposure Management Through Comprehensive Data Reconciliation

From 17,000 to 1.1 Million Assets: Lumen Technologies Strengthens Exposure Management Through Comprehensive Data Reconciliation In a landscape where cybersecurity threats are increasingly sophisticated, accurate...