Digital photography company Shutterfly reported a ransomware attack on Sunday. The incident was first reported by Bleeping Computer, which said a source told them the company was attacked by the Conti ransomware group.
In a statement, the company said portions of the Lifetouch and BorrowLenses business were affected. They experienced interruptions with Groovebook, manufacturing offices, and some corporate systems as well.
Law enforcement has been contacted and a cybersecurity company was also hired to help respond to the incident.
“As part of our ongoing investigation, we are also assessing the full scope of any data that may have been affected. We do not store credit card, financial account information, or the Social Security numbers of our Shutterfly.com, Snapfish, Lifetouch, TinyPrints, BorrowLenses, or Spoonflower customers, and so none of that information was impacted in this incident,” Shutterfly explained.
“However, understanding the nature of the data that may have been affected is a key priority and that investigation is ongoing. We will continue to provide updates as appropriate.”
Conti began leaking information it stole to a leak site, according to Bleeping Computer, which added that the attack started about two weeks ago and involves a ransom demand in the millions.
Last week, researchers with security firm Advanced Intelligence discovered the Conti ransomware group exploiting VMware vCenter Server instances through the Log4j vulnerabilities.
In a report, the security company said it discovered multiple members of Conti discussing ways to take advantage of the Log4j issue, making them the first sophisticated ransomware group spotted trying to weaponize the vulnerability.
AdvIntel said the current exploitation “led to multiple use cases through which the Conti group tested the possibilities of utilizing the Log4J2 exploit.”
They noted that their research of ransomware logs shows Conti made over $150 million in the last six months. AdvIntel laid out a timeline of events for Conti’s interest in Log4j starting on November 1, when the group sought to find new attack vectors. Throughout November, Conti redesigned its infrastructure as it sought to expand, and by December 12, they identified Log4Shell as a possibility.
By December 15, they began actively targeting vCenter networks for lateral movement.
Both CISA and the FBI said in September that they have seen more than 400 attacks involving Conti’s ransomware targeting US organizations as well as international enterprises. The FBI has previously implicated Conti in attacks on at least 290 organizations in the US.
Conti has made a name for itself by attacking hundreds of healthcare institutions — including a debilitating ransomware attack on Ireland’s Health Service Executive on May 14 — as well as schools like the University of Utah and other government organizations like the city government of Tulsa, Oklahoma and the Scottish Environment Protection Agency.