Grocers and retailers are struggling to get their systems back online just before the winter holiday peak, following a software hack that hit the supply chain software provider Blue Yonder this week.
The ransomware attack is snarling inventory distribution patterns for users such as grocery giant Ahold Delhaize, which owns the Stop & Shop chain across the U.S. Northeast region, and the employee scheduling system for coffee stalwart Starbucks, according to published reports.
Scottsdale, Arizona-based Blue Yonder provides a wide range of supply chain software, including warehouse management system (WMS), transportation management system (TMS), order management and commerce, network and control tower, returns management, and others.
Blue Yonder today acknowledged the disruptions, saying they were the result of a ransomware incident affecting its managed services hosted environment. The company has established a dedicated cybersecurity incident update webpage to communicate its recovery progress, but it had not been updated for nearly two days as of Tuesday afternoon. “Since learning of the incident, the Blue Yonder team has been working diligently together with external cybersecurity firms to make progress in their recovery process. We have implemented several defensive and forensic protocols,” a Blue Yonder spokesperson said in an email.
In a statement apologizing to customers for the inconvenience of the cybersecurity issue, Netherlands-based Ahold Delhaize said its top priority is the security of its customers, associates and partners, and that the company’s internal IT security staff was working with external cybersecurity experts and law enforcement to speed recovery. “Our teams are taking steps to assess and mitigate the issue. This includes taking some systems offline to help protect them. This issue and subsequent mitigating actions have affected certain Ahold Delhaize USA brands and services including a number of pharmacies and certain e-commerce operations,” the company said.
The timing of the attack suggests that hackers may have targeted Blue Yonder in a calculated attack based on the upcoming Thanksgiving break, since many U.S. organizations downsize their security staffing on holidays and weekends, according to a statement from Dan Lattimer, VP of Semperis, a New Jersey-based computer and network security firm.
“While details on the specifics of the Blue Yonder attack are scant, it is yet another reminder how damaging supply chain disruptions become when suppliers are taken offline. Kudos to Blue Yonder for dealing with this cyberattack head on but we still don’t know how far reaching the business disruptions will be in the UK, U.S. and other countries,” Lattimer said.
“Now is time for organizations to fight back against threat actors. Deciding whether or not to pay a ransom is a personal decision that each company has to make, but paying emboldens threat actors and throws more fuel onto an already burning inferno. Simply, it doesn’t pay-to-pay,” he said.
Editor's note:This article was revised on November 26 to include a reply from Blue Yonder.
Gartner, Inc.
