Retailers in the US, along with UK supermarket giants Morrisons and Sainsbury’s, felt the impact of a ransomware attack on their supply chain software supplier Blue Yonder in the US. The attack was discovered on November 21, when Blue Yonder experienced disruptions to its managed services hosted environment.
A spokesperson for Morrisons told grocery trade journal The Grocer that it uses Blue Yonder’s warehouse management systems, that the attack forced it to revert to back-up processes, and that it was unable to carry out deliveries.
One of Morrisons’ suppliers also reported that it was unable to deliver stock to depots, where all chilled orders were cancelled for a day as a result.
The company also warned its wholesale and convenience customers that it was possible that some product lines could drop as low as 60%.
Sainsbury’s is also said to be putting contingency processes in place. Other supermarkets that use Blue Yonder, including Asda, Tesco and Waitrose, have not announced that they have been affected by the events.
Defensive and forensic protocols
The Blue Yonder team said that it has been working around the clock with external cybersecurity firms to safely restore its systems. The investigation is ongoing, and it said that it has no timeline for restoration.
“With respect to the Blue Yonder Azure public cloud environment, we are actively monitoring and currently do not see any suspicious activity,” the company said. Blue Yonder added that it has now implemented multiple defensive and forensic protocols.
US Thanksgiving disruption
For retailers in the US, the attack hit just before the Thanksgiving break, which has sparked rumours that the attack was planned to maximise the disruption. The total scale of the attack has not yet been announced.
Dan Lattimer, vice-president at Semperis, told Computer Weekly that this attack was calculated with Thanksgiving around the corner, and that disruptions in the supply chain would leave many US grocery stores with empty shelves “at the worst possible time.”
“While details on the specifics of the Blue Yonder attack are scant, it is yet another reminder how damaging supply chain disruptions become when suppliers are taken offline.”