Another Ransomware Attack Hits the Software Supply Chain
And yes, it’s the legacy IaaS again—the bread and butter of ransomware operators. This time, it’s Blue Yonder, a warehouse and logistics management software provider, which confirmed a ransomware attack on November 21st.
What is Blue Yonder, and Who is Affected?
Blue Yonder’s software helps businesses optimize inventory management, forecast demand, and streamline logistics. Global retail stores are among its customers, and disruptions are currently being reported in the UK’s two largest grocery chains (Morrisons and Sainsbury’s), as well as in stores in the USA (Starbucks, among others).
Echoes of Past Ransomware Disasters
The incident echoes the ransomware disaster at CDK Global, a provider of Dealer Management System (DMS) software for 15,000 car dealerships across the USA, which ended up impacting car sales across the country during Q3/2024.
So the worry with Blue Yonder is pretty much the same: the software is embedded in many critical supply chain operations across global retail stores. Disruptions to its services could have widespread ripple effects across its customer base.
Legacy Infrastructure: A Persistent Weak Link
Interestingly, as with CDK, it appears the ransomware attack at Blue Yonder is affecting the legacy infrastructure based on hosted managed servers (Windows or Linux). Like many other software vendors, Blue Yonder is engaged in moving its customer base to cloud-native SaaS offerings (in their case, based on Microsoft Azure). However, that’s a long process, so there’s an entire line of business dedicated to legacy solutions hosted in traditional IaaS and packaged as managed services by Blue Yonder. Unfortunately, these environments are something ransomware operators have become quite good at exploiting.
Limited Impact on SaaS Customers
Blue Yonder now says only its managed services hosted environment has been affected, while its Azure public cloud environment appears to be free of suspicious activity. That probably implies customers using the SaaS solutions hosted in Azure are not disrupted. A similar dynamic played out at CDK Global and at the British Library last year.
No Timeline for Recovery
As of today, the company has yet to establish a timeline for full restoration.
Incidentally, in a recent webinar we discussed the key predictors of ransomware attacks, with legacy infrastructure as a key contributor; see our video excerpt.