Emergence of Termite Ransomware: A Growing Threat to Supply Chains
New Ransomware Group “Termite” Targets Blue Yonder, Disrupts Supply Chain Operations
A significant ransomware attack last month on the supply chain management platform Blue Yonder has been linked to a newly emerged group known as "Termite." The attack has severely impacted several downstream customers, particularly in the retail and manufacturing sectors, prompting Blue Yonder to work diligently to restore services.
According to researchers at Cyble, the Termite ransomware is essentially a rebranding of the infamous Babuk ransomware. So far, the group has claimed seven victims across multiple countries, including two each in the U.S. and France, and one each in Oman, Germany, and Canada. The attack highlights a growing trend of ransomware targeting supply chains, which can disrupt numerous businesses simultaneously.
Cyble’s analysis of the Termite ransomware reveals sophisticated tactics designed to maximize damage. Upon execution, the malware employs a method to ensure it is one of the last processes to be terminated during a system shutdown, allowing it ample time to encrypt files. It also disables critical services and deletes backup processes to hinder recovery efforts.
The ransomware’s malicious code further erases all Shadow Copies and empties the Recycle Bin, making file recovery nearly impossible. Victims are then directed to an onion site via a ransom note, where they are likely instructed on how to pay the ransom.
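For defenders, the sequence described above (services stopped, then Shadow Copies erased) can be correlated per host in Windows event data. The following is an added detection sketch, not code from Cyble or from the article. It assumes Service Control Manager event 7036 and process-creation event 4688 with command-line logging enabled; the command-line patterns, thresholds, host names and sample events are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed command-line patterns for shadow-copy deletion (not from the article).
SHADOW_DELETE = re.compile(
    r"vssadmin(\.exe)?\s+delete\s+shadows"
    r"|wmic(\.exe)?\s+shadowcopy\s+delete"
    r"|win32_shadowcopy.*delete",
    re.IGNORECASE,
)
WINDOW = timedelta(minutes=5)  # assumed correlation window
MIN_STOPS = 3                  # assumed size of a "burst" of service stops

def detect(events):
    """Return {host: severity} for hosts that launched a shadow-copy deletion."""
    stops = defaultdict(list)    # host -> times a service entered the stopped state
    deletes = defaultdict(list)  # host -> times a deletion command was started
    for e in events:
        when = datetime.fromisoformat(e["time"])
        if e["event_id"] == 7036 and "entered the stopped state" in e["detail"]:
            stops[e["host"]].append(when)
        elif e["event_id"] == 4688 and SHADOW_DELETE.search(e["detail"]):
            deletes[e["host"]].append(when)
    alerts = {}
    for host, times in deletes.items():
        first = min(times)
        # Service stops in the window leading up to the first deletion.
        burst = [s for s in stops[host] if timedelta(0) <= first - s <= WINDOW]
        alerts[host] = "critical" if len(burst) >= MIN_STOPS else "high"
    return alerts

def ev(host, time, event_id, detail):
    return {"host": host, "time": time, "event_id": event_id, "detail": detail}

# Constructed sample events, not real telemetry.
SAMPLE = [
    ev("fs01", "2025-01-01T02:10:05", 7036, "The SQL Server (MSSQLSERVER) service entered the stopped state."),
    ev("fs01", "2025-01-01T02:10:06", 7036, "The Veeam Backup Service service entered the stopped state."),
    ev("fs01", "2025-01-01T02:10:07", 7036, "The Volume Shadow Copy service entered the stopped state."),
    ev("fs01", "2025-01-01T02:10:20", 4688, "vssadmin.exe delete shadows /all /quiet"),
    ev("ws07", "2025-01-01T09:00:00", 4688, "vssadmin.exe delete shadows /for=C: /oldest"),
    ev("ws09", "2025-01-01T09:30:00", 7036, "The Print Spooler service entered the stopped state."),
    ev("ws09", "2025-01-01T09:30:10", 4688, "vssadmin.exe list shadows"),
]

if __name__ == "__main__":
    for host, severity in sorted(detect(SAMPLE).items()):
        print(host, severity)
```

A lone deletion is rated "high" because administrators occasionally prune Shadow Copies; a deletion preceded by a burst of service stops on the same host is rated "critical".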
Cyble researchers warn that Termite represents a "new and growing threat" in the cyber landscape, employing advanced tactics such as double extortion to enhance its impact. This incident serves as a stark reminder of the vulnerabilities within software supply chains and the urgent need for robust cybersecurity measures to combat evolving threats.