
The Blue Yonder Attack Linked to the New Termite Ransomware


The recent ransomware attack on supply chain management platform Blue Yonder has been linked to a new ransomware group called “Termite.” This attack impacted several downstream customers, including retail and manufacturing operations, with Blue Yonder working tirelessly to restore their systems.

According to researchers at Cyble, Termite ransomware is essentially a rebranded version of the infamous Babuk ransomware. The group behind Termite has claimed seven victims so far: two each in the U.S. and France, and one each in Oman, Germany, and Canada.

Cyble researchers analyzed a Termite ransomware binary and found it to be closely related to the Babuk ransomware. The ransomware employs various tactics to ensure maximum impact, such as invoking specific Windows APIs to prolong the encryption process, terminating services and backup processes on victim machines, and deleting Volume Shadow Copies and files in the Recycle Bin to prevent recovery.

The ransom note left by the Termite ransomware instructs victims to visit an onion site for further information. After displaying the ransom note, the malware encrypts files on the victim’s machine and appends the “.termite” extension to them. Additionally, it can locate network shares, retrieve information about shared resources, and encrypt files on network drives connected to the infected machine.
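The recovery-inhibition and encryption behaviours described in the two paragraphs above are exactly what endpoint telemetry can be checked for. The following is an added detection example written for this article; it is not Cyble's code and not derived from the Termite sample. It runs three simple rules over a constructed feed of process-creation and file-rename events: shadow-copy or backup-catalog deletion commands, stopping of backup-related services, and a burst of files renamed to the ".termite" extension. The event field names, the backup-service keyword list and the rename threshold are assumptions, not a real EDR schema or a published rule set.

```python
"""Hypothetical detection rules for Termite/Babuk-style recovery inhibition
and mass file renaming. Example code added for this article; the event
schema, keyword list and thresholds are assumptions."""
import re
from collections import defaultdict

# Windows command forms that remove shadow copies or the backup catalog.
# These are general Windows tool syntaxes, not command lines taken from the sample.
SHADOW_DELETE_RE = re.compile(
    r"\b(?:vssadmin(?:\.exe)?\s+delete\s+shadows"
    r"|wmic(?:\.exe)?\s+shadowcopy\s+delete"
    r"|wbadmin(?:\.exe)?\s+delete\s+catalog)",
    re.IGNORECASE,
)
# "net stop <svc>" / "sc stop <svc>"; group 1 is the service name.
SERVICE_STOP_RE = re.compile(r"\b(?:net|sc)(?:\.exe)?\s+stop\s+\"?([^\s\"]+)", re.IGNORECASE)

# Assumed keyword list: substrings that mark a service as backup-related.
BACKUP_KEYWORDS = ("backup", "veeam", "vss", "sql", "acronis", "exchange")
TERMITE_EXT = ".termite"
RENAME_THRESHOLD = 5  # assumed: renames per host before we call it mass encryption

# Constructed sample telemetry from two hosts. ws01 shows the full pattern;
# ws02 shows benign noise (a non-backup service stop, a single rename).
SAMPLE_EVENTS = [
    {"type": "process", "host": "ws01", "cmdline": "vssadmin.exe delete shadows /all /quiet"},
    {"type": "process", "host": "ws01", "cmdline": "net stop VeeamBackupSvc /y"},
    {"type": "process", "host": "ws02", "cmdline": "net stop Spooler"},
    {"type": "file_rename", "host": "ws02", "path": r"C:\tmp\a.txt", "new_path": r"C:\tmp\a.txt.termite"},
] + [
    {"type": "file_rename", "host": "ws01",
     "path": rf"C:\Users\a\docs\f{i}.docx",
     "new_path": rf"C:\Users\a\docs\f{i}.docx.termite"}
    for i in range(6)
]


def analyse(events, rename_threshold=RENAME_THRESHOLD):
    """Return (host, rule, evidence) findings for the three rules."""
    findings = []
    renames = defaultdict(int)
    for ev in events:
        host = ev["host"]
        if ev["type"] == "process":
            cmd = ev["cmdline"]
            if SHADOW_DELETE_RE.search(cmd):
                findings.append((host, "shadow_copy_deletion", cmd))
            m = SERVICE_STOP_RE.search(cmd)
            if m and any(k in m.group(1).lower() for k in BACKUP_KEYWORDS):
                findings.append((host, "backup_service_stop", cmd))
        elif ev["type"] == "file_rename" and ev["new_path"].lower().endswith(TERMITE_EXT):
            renames[host] += 1
    # Aggregate renames per host so one stray ".termite" file does not fire alone.
    for host, n in renames.items():
        if n >= rename_threshold:
            findings.append((host, "mass_termite_rename", f"{n} files renamed to {TERMITE_EXT}"))
    return findings


def rules_by_host(events):
    """Collapse findings to {host: set(rule names)} for quick triage."""
    out = defaultdict(set)
    for host, rule, _ in analyse(events):
        out[host].add(rule)
    return dict(out)


if __name__ == "__main__":
    for host, rule, evidence in analyse(SAMPLE_EVENTS):
        print(f"{host}: {rule} <- {evidence}")
```

The per-host aggregation is the important design choice: shadow-copy deletion and a backup-service stop followed within minutes by a rename burst on the same host is a far stronger signal than any one of those events alone, and correlating them is what lets a responder act before network shares reachable from that host are encrypted as well.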

Cyble researchers view Termite ransomware as a new and growing threat in the cyber landscape, emphasizing the need for robust cybersecurity measures, proactive threat intelligence, and incident response strategies to combat evolving ransomware tactics. The attack on Blue Yonder highlights the appeal of the software supply chain for threat actors, as they can impact multiple companies in one attack.

For a more in-depth analysis of Termite ransomware, including indicators of compromise (IoCs) and MITRE ATT&CK techniques, you can refer to the full Cyble blog on the subject. This incident serves as a stark reminder of the ever-present threat of ransomware attacks and the importance of staying vigilant and implementing strong cybersecurity measures to protect against them.
