Shutterfly Attacked by Ransomware Hackers
Table of Contents
- By David Lukic
- Published: Dec 30, 2021
- Last Updated: Mar 18, 2022
Shutterfly, the popular picture-sharing website, has been hit by a ransomware attack. The company has not revealed much about the attack but for the fact that it has disrupted its operations.
What is the Extent of the Attack?
The ransomware attack is meaningful enough to warrant a press release, yet company representatives state it has not impacted Shutterfly.com, Spoonflower, TinyPrints, or its Snapfish service. Shutterfly public relations representatives state the attack has negatively impacted its BorrowLenses, Lifetouch, and Groovebook businesses. The company also reported that the ransomware attack partially compromised its corporate systems and manufacturing systems. However, the company has not provided many details about the extent to which those systems were interrupted.
What is Shutterfly’s Response to the Ransomware Attack?
Shutterfly has notified law enforcement about the attack. The company is conducting a full-scope analysis of its data in the aftermath of the ransomware attack. The company is also working with third-party cybersecurity specialists on the matter.
Is Customer Data at Risk?
Shutterfly representatives state the company does not store financial account information, credit card numbers, or customer social security numbers. This policy is applicable to each of Shutterfly’s websites, spanning all subsidiaries. As a result, there is no reason for Shutterfly customers to worry about the ransomware attack.
Shutterfly representatives also stated it is attempting to understand the full extent of the affected data. The company will continue to provide additional information to its customers and business partners as it becomes available.
Who is Responsible for the Attack?
Conti ransomware specialists are allegedly responsible for the attack on Shutterfly. A report from Bleeping Computer states the Conti group encrypted 4,000+ devices and 120 VMware ESXi servers. This report also indicates the group developed a data leak website for screenshots of the files supposedly stolen during the attack.
The Conti ransomware group is a ransomware operations team based in Russia. It is alleged this group also operates in several other countries throughout the area that previously comprised the Soviet Union. Conti attacks targets in the United States and Europe. Conti ransomware hackers use a double-extortion technique. This approach is centered on attackers extorting a target to pony up traditional currency or cryptocurrency for a decryptor. If the ransom is paid, Conti deletes the stolen data. However, there is no guarantee the compromised data will be stolen.
The Conti ransomware group is demanding millions of dollars from Shutterfly. However, a Shutterfly spokesperson did not provide information when media outlets requested additional comments aside from the press release.
A former National Security Agency elite hacker, Jake Williams, states the Conti data leak website holds Shutterfly data, yet the teaser data is not highly sensitive. Nor does the Conti blog contain a considerable amount of customer data such as passwords and hashes.
Will Shutterfly pay the Ransom?
Williams states that he anticipates Shutterfly’s decision to pay or not pay the requested ransom will hinge on whether it interrupts the company’s business. He went on to state organizations are becoming wiser, regarding the impact of ransomware extortion. The value of information releases stemming from ransomware attacks decreases with each passing day as the web is quickly becoming saturated with corporate data.