Ransomware group Termite strikes Blue Yonder SaaS provider

Termite, an emerging ransomware group, claimed credit for the Nov. 21 cyber attack on Blue Yonder, an AI- driven supply chain management company. The attack impacted some retailers on the digital platform, including U.S. Starbucks and two major U.K. grocery store chains, according to Forbes.

"Our team at Arctic Wolf Labs confirmed they have seen reports that Termite, a new ransomware group, are claiming they are responsible for stealing ~680gb of Blue Yonder data, causing the outages to occur. Termite is a new ransomware group that first started posting on their leak site in late-October, so their attack on Blue Yonder is a significant name to add to their list of victims," said Mark Manglicmot, Arctic Wolf's senior vice president of security services. "What is interesting here is the ability for a relatively new group to go after such a large business out of the gate, and seemingly successful as according to a recent ransomware report, most victim organizations (82%) are small or medium businesses."

Ransomware is the main cause of cyber insurance loss, according to the Allianz 2024 Cyber Security Resilience report, resulting in 58% of large cyber claims in the first six months of 2024. The report reveals that ransomware attacks increased by an average of 75% in 2023, reaching over $1 billion in ransomware payments. Insured organizations fared better, the report shows, after a breach.

"Organizations that purchase cyber insurance and follow the recommendations of insurers are responding better to ransomware than firms that do not," says Marek Stanislawski, global cyber underwriting lead at Allianz Commercial, in the report. "This demonstrates that the value of cyber insurance goes well beyond the payment of claims.  Insurance helps companies make the business case for cyber security investment and direct their resources to the most effective measures."

Arctic Wolf Labs predicts that organizations will see a continued threat of cyber attacks as hackers and ransomware gangs will increasingly target weakness in critical infrastructures, particularly due to the widespread availability of advanced AI technologies. 

And despite the growing threat and concern of these incidents, Nationwide's 2024 Cybersecurity Survey Report says that 32% of organizations are not insured for cyber. Most, 82%, of risk managers are concerned about potential cyber attack, particularly due to the rise of AI and increased number of attacks. Of the reported organizations that fell victim to a cyber attack, 24% said that the attack involved generative AI.

"When thinking about new ransomware groups – we typically see them work up to larger breaches such as the one on Blue Yonder; making this group one to keep an eye on. This is the time for organizations to evaluate their security ecosystems, being mindful to patch vulnerabilities, update applications and devices accordingly and to be on the lookout for suspicious activity," said Manglicmot.