Commentary from Semperis on the Blue Yonder ransomware attack

Date: 2024-11-25

November 2024 by Daniel Lattimer, Vice President, Semperis

The cyberattack on Blue Yonder is yet another reminder that retailers in the U.S., UK and other global locations are at risk and should brace for cyberattacks during the holiday season. This attack was likely calculated, as the hackers are aware that the Thanksgiving holiday is approaching and that disruptions in the supply chain will leave many grocery stores in the U.S. with empty shelves at the worst possible time. While details on the specifics of the Blue Yonder attack are scant, it is yet another reminder of how damaging supply chain disruptions become when suppliers are taken offline. Kudos to Blue Yonder for dealing with this cyberattack head-on, but we still don’t know how far-reaching the business disruptions will be in the UK, U.S. and other countries.

Now is the time for organisations to fight back against threat actors. Deciding whether or not to pay a ransom is a personal decision that each company has to make, but paying emboldens threat actors and throws more fuel onto an already burning inferno. Simply, it doesn’t pay to pay. Semperis’ new Ransomware Holiday Risk Report offers a sobering reminder that most organisations have targets on their backs during the holidays and weekends. In fact, more than 70 percent of organisations have been victimised by ransomware in the past 12 months. Unfortunately, most companies also downsize security staffing on holidays and weekends. In the UK, 81 percent of companies scale back security staffing by up to 50 percent during holidays and weekends. In the U.S., 90 percent of organisations do the same thing.

Today, to increase operational resiliency, organisations should assess their most critical network assets and harden them against failure. For instance, in nearly all ransomware attacks, threat actors compromise organisations’ identity systems, most often Active Directory. This can lead to entire networks being taken offline. To improve operational resiliency, businesses should deploy a robust backup and recovery plan that ensures Active Directory, Entra ID, Okta and other identity systems are recoverable.