fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Shutterfly Services Disrupted by Conti Ransomware Attack

Shutterfly Services Disrupted by Conti Ransomware Attack

Photography and personalized photo giant Shutterfly has suffered a Conti ransomware attack that allegedly encrypted thousands of devices and stole corporate data.

Although many associate Shutterfly with their website, the company’s photography-related services are aimed at consumer, enterprise, and education customers through various brands such as GrooveBook, BorrowLenses, Shutterfly.com, Snapfish, and Lifetouch.

The main website can be used to upload photos to create photo books, personalized stationary, greeting cards, post cards, and more.

Also Read: PDPA Singapore Guidelines: 16 Key Concepts For Your Business

Shutterfly suffers a Conti ransomware attack

On Friday, a source told BleepingComputer that Shutterfly suffered a ransomware attack approximately two weeks ago by the Conti gang, who claims to have encrypted over 4,000 devices and 120 VMware ESXi servers.

While BleepingComputer has not seen the negotiations for the attack, we are told that they are underway in progress and that the ransomware gang is demanding millions of dollars as a ransom.

Before ransomware gangs encrypt devices on corporate networks, they commonly lurk inside for days, if not weeks, stealing corporate data and documents. These documents are then used as leverage to force a victim to pay a ransom under the threat that they will be publicly released or sold to other hackers.

Conti has created a private Shutterfly data leak page containing screenshots of files allegedly stolen during the ransomware attack, as part of this ” double-extortion” tactic. The attackers threaten to make this page public if a ransom is not paid.

Private data leak page on Conti dark web site
Private data leak page on Conti dark web site

BleepingComputer has been told that these screenshots include legal agreements, bank and merchant account info, login credentials for corporate services, spreadsheets, and what appears to be customer information, including the last four digits of credit cards.

Conti also claims to have the source code for Shutterfly’s store, but it is unclear if the ransomware gang means Shutterfly.com or another website.

After contacting Shutterfly on Friday about the attack, BleepingCompuer was sent a statement confirming the ransomware attack late Sunday night. 

Also Read: Data Protection Officer Singapore | 10 FAQs

This statement, shown in its entirety below, says that the Shutterfly.com, Snapfish, TinyPrints, or Spoonflower sites were not affected by the attack. However, their corporate network, Lifetouch, BorrowLeneses, and Groovebook had disrupted services.

“Shutterfly, LLC recently experienced a ransomware attack on parts of our network. This incident has not impacted our Shutterfly.com, Snapfish, TinyPrints or Spoonflower sites. However, portions of our Lifetouch and BorrowLenses business, Groovebook, manufacturing and some corporate systems have been experiencing interruptions. We engaged third-party cybersecurity experts, informed law enforcement, and have been working around the clock to address the incident.”

“As part of our ongoing investigation, we are also assessing the full scope of any data that may have been affected. We do not store credit card, financial account information or the Social Security numbers of our Shutterfly.com, Snapfish, Lifetouch, TinyPrints, BorrowLenses, or Spoonflower customers, and so none of that information was impacted in this incident. However, understanding the nature of the data that may have been affected is a key priority and that investigation is ongoing. We will continue to provide updates as appropriate.” – Shutterfly.

While Shutterfly states that no financial information was disclosed, BleepingComputer was told that one of the screenshots contains the last four digits of credit cards, so it is unclear if there is further, and more concerning, information stolen during the attack.

When BleepingComputer reached out to Shutterfly about the screenshot they referred us back to the original statement.

The Conti ransomware gang

Conti is a ransomware operation believed to be operated by a Russian hacking group known for other notorious malware infections, such as Ryuk, TrickBot, and BazarLoader.

This operation runs as a Ransomware-as-a-Service, where the core team develops the ransomware, maintains payment and data leak sites, and negotiates with victims. They then recruit “affiliates” who breach the corporate network, steal data, and encrypt devices.

As part of this arrangement, ransom payments are split between the core group and the affiliate, with the affiliate usually receiving 70-80% of the total amount.

Conti commonly breaches a network after a corporate device becomes infected with the BazarLoader or TrickBot malware infections, which provide remote access to the hacking group.

Once they gain access to an internal system, they spread through the network, harvest data, and deploy the ransomware.

Conti is known for attacks on other high-profile organizations in the past, including Ireland’s Health Service Executive (HSE) and Department of Health (DoH), the City of TulsaBroward County Public Schools, and Advantech.

Due to the increased activity by the cybercrime gang, the US government recently issued an advisory on Conti ransomware attacks.

Update 12/27/21: Updated with response about financial information in stolen data.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us