Conti Ransomware Group is widely suspected of being the perpetrator and allegedly managed to steal and encrypt data. An investigation into the attack is underway.

The Ransomware Attack

Parts of the Shutterfly network have experienced a ransomware attack, according to Shutterfly’s official post. The company emphasized that this incident has not affected other websites under the ownership of Shutterfly: Shutterfly.com, Snapfish, TinyPrints, and Spoonflower. However, “portions of our Lifetouch and BorrowLenses business, Groovebook, manufacturing and some corporate systems have been experiencing interruptions,” stated Shutterfly. Even though thousands of devices, both personal and corporate, have allegedly been encrypted in the ransomware attack, statements from Shutterfly pointed out that there is a low probability that any extremely sensitive data has been compromised. Shutterfly underlined that they do not store “credit card, financial account information or the Social Security numbers” of their customers.

Russian Group Conti Ransomware Suspected

According to news reports, an anonymous source first informed Bleeping Computer that Shutterfly was attacked by the Russian Conti Ransomware Group. Further information from the report confirms that the group is demanding millions of dollars in ransom payment and that a data leak website has been created where screenshots of allegedly stolen files have emerged. These files include images of legal agreements, financial and account info, credentials, customer information, and spreadsheets. Most concerning of all is that the group has allegedly leaked customers’ credit card information, such as the last four digits on the cards. According to the anonymous informant, the ransomware group had already started leaking stolen information and offloading it to a newly created website about two weeks ago. The group has also been known to exploit the notorious Log4j vulnerability that has recently affected the internet at large, also evident in Alibaba’s suspension from an information-sharing partnership with Chinese regulators. Adding to that, the Conti group’s involvement in exploiting a second vulnerability known as Log4j2 is also known to cybersecurity specialists. Conti Ransomware Group is known for hitting targets such as healthcare institutions and educational institutions in Europe and the U.S. Particularly well-known is the group’s ‘double-extortion’ technique that has been used in this case against Shutterfly. The group is highly active, and intelligence has picked up on a rising number of attacks orchestrated by the Conti Ransomware Group.

Investigation And Negotiations Are Ongoing

Shutterfly has denied that any financial information has been disclosed, which clashes with allegations that financial information has indeed been leaked. Shutterfly has been directing any questions by reporters back to the company’s original statement. Shutterfly has stated that they are collaborating with law enforcement and third-party cybersecurity specialists to assess the full scope of data that has been affected by the ransomware attack. The company stated that they will be providing updates on the situation.

About Shutterfly

Shutterfly, LLC. is an internet-based subsidiary company founded in 1999 that offers photograph products and photography and image sharing. It allows “millions of people [to] store, enjoy and share billions of photos.” Users can also customize and design products and even share accounts to create projects. The company functions via cloud services and is available across multiple platforms such as Android and iOS. Shutterfly claims that their “award-winning” products are on offer for users to create photo gifts, home decor, personal websites, photo books, and much more.

CISA Cybersecurity Recommendations

The U.S. Cybersecurity & Infrastructure Security Agency’s (CISA) cybersecurity measures for Conti Ransomware include:

- Using multi-factor authentication
- Implementing network segmentation and filtering traffic
- Scanning for vulnerabilities and keeping software updated
- Removing unnecessary applications and applying controls
- Implementing endpoint and detection response tools
- Limiting access to resources over the network, especially by restricting RDP
- Securing user accounts

CISA also recommends using the Ransomware Response Checklist once a ransomware incident has been confirmed in an organization, reporting the incident, and applying incident response best practices.
