Shutterfly, a company specializing in personalized photos and photography, has been hit by the Conti ransomware, which has purportedly locked thousands of devices and stolen business data.
Many people associate Shutterfly with its website. It offers photography-related services to consumers, businesses, and schools through the GrooveBook, Snapfish, BorrowLenses, Shutterfly.com, and Lifetouch brands. The official site allows users to upload images to make photo books, greeting cards, personalized stationery, postcards, and more.
According to a source, Shutterfly was hit by the Conti gang about two weeks ago. The Conti gang claims to have encrypted roughly 4,000 devices and 120 VMware ESXi servers. No negotiations regarding the attack have been observed, but they are reportedly under way, and the ransomware group is asking for millions of dollars in ransom.
Before encrypting systems on corporate networks, ransomware gangs frequently lurk inside them for days, if not weeks, stealing corporate data and documents. The stolen files are then used as leverage: the victim is pressured to pay a ransom under the threat that the data will be disclosed publicly or sold to other hackers.
As part of this “double-extortion” strategy, Conti has set up a secret Shutterfly data breach page with screenshots of files purportedly taken during the ransomware attack. If a ransom isn’t paid, the attackers threaten to make this page public.
According to reports, the screenshots include legal agreements, bank and merchant account information, login passwords for corporate services, spreadsheets, and what looks to be customer information, including the last four digits of credit cards. Conti also claims to have the source code for Shutterfly’s shop. However, it’s unclear whether the ransomware group is referring to Shutterfly.com or another website.
After Shutterfly was notified about the incident on Friday, the company issued a statement late Sunday night confirming the ransomware attack:
“Shutterfly, LLC recently experienced a ransomware attack on parts of our network. This incident has not impacted our Shutterfly.com, Snapfish, TinyPrints or Spoonflower sites. However, portions of our Lifetouch and BorrowLenses business, Groovebook, manufacturing and some corporate systems have been experiencing interruptions. We engaged third-party cybersecurity experts, informed law enforcement, and have been working around the clock to address the incident.” – Shutterfly.
While Shutterfly claims that no financial information was obtained, it was discovered that one of the screenshots contained the last four digits of credit cards, so it’s unknown if other, and perhaps more harmful, information was stolen.