{"id":6542,"date":"2024-12-09T13:21:33","date_gmt":"2024-12-09T19:21:33","guid":{"rendered":"https:\/\/cyberscoop.com\/?p=82845"},"modified":"2024-12-09T13:21:33","modified_gmt":"2024-12-09T19:21:33","slug":"new-termite-ransomware-group-claims-responsibility-for-blue-yonder-cyberattack","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2024\/12\/09\/new-termite-ransomware-group-claims-responsibility-for-blue-yonder-cyberattack\/","title":{"rendered":"New \u2018Termite\u2019 ransomware group claims responsibility for Blue Yonder cyberattack"},"content":{"rendered":"<p><head> <meta charset=\"UTF-8\"> <meta name=\"viewport\" content=\"width=device-width, initial-scale=1\"> <meta name=\"robots\" content=\"index, follow, max-image-preview:large, max-snippet:-1, max-video-preview:-1\"> <!-- This site is optimized with the Yoast SEO Premium plugin v21.7 (Yoast SEO v21.7) - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ --> <title>New \u2018Termite\u2019 ransomware group claims responsibility for Blue Yonder cyberattack | CyberScoop<\/title> <meta name=\"description\" content=\"A newly-formed ransomware group, Termite, has attacked Blue Yonder, causing significant disruptions at major companies.\"> <link rel=\"canonical\" href=\"https:\/\/cyberscoop.com\/termite-ransomware-blue-yonder-disruption\/\"> <meta property=\"og:locale\" content=\"en_US\"> <meta property=\"og:type\" content=\"article\"> <meta property=\"og:title\" content=\"New \u2018Termite\u2019 ransomware group claims responsibility for Blue Yonder cyberattack\"> <meta property=\"og:description\" content=\"A newly-formed ransomware group, Termite, has attacked Blue Yonder, causing significant disruptions at major companies.\"> <meta property=\"og:url\" content=\"https:\/\/cyberscoop.com\/termite-ransomware-blue-yonder-disruption\/\"> <meta property=\"og:site_name\" content=\"CyberScoop\"> <meta property=\"article:published_time\" content=\"2024-12-09T19:21:33+00:00\"> <meta 
property=\"article:modified_time\" content=\"2024-12-09T19:21:35+00:00\"> <meta property=\"og:image\" content=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/12\/new-termite-ransomware-group-claims-responsibility-for-blue-yonder-cyberattack-2.jpg\"> <meta property=\"og:image:width\" content=\"1920\"> <meta property=\"og:image:height\" content=\"1282\"> <meta property=\"og:image:type\" content=\"image\/jpeg\"> <meta name=\"author\" content=\"Greg Otto\"> <meta name=\"twitter:card\" content=\"summary_large_image\"> <meta name=\"twitter:creator\" content=\"@gregotto\"> <!-- \/ Yoast SEO Premium plugin. --> <link rel=\"dns-prefetch\" href=\"\/\/securepubads.g.doubleclick.net\">\n<link rel=\"dns-prefetch\" href=\"\/\/use.typekit.net\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Feed\" href=\"https:\/\/cyberscoop.com\/feed\/\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Comments Feed\" href=\"https:\/\/cyberscoop.com\/comments\/feed\/\"> <link rel=\"stylesheet\" id=\"all-css-2\" href=\"https:\/\/cyberscoop.com\/wp-includes\/css\/dist\/block-library\/style.min.css?m=1732206022g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-6\" href=\"https:\/\/cyberscoop.com\/wp-content\/mu-plugins\/search\/elasticpress\/dist\/css\/related-posts-block-styles.min.css?m=1733250499g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-8\" href=\"https:\/\/cyberscoop.com\/wp-content\/themes\/scoopnewsgroup\/dist\/css\/frontend.css?m=1732010462g\" type=\"text\/css\" media=\"all\">\n<link rel=\"stylesheet\" id=\"typekit-css\" href=\"https:\/\/use.typekit.net\/itk2qbh.css?ver=ddc036fa194c40cf406f\" media=\"all\"> <link rel=\"https:\/\/api.w.org\/\" href=\"https:\/\/cyberscoop.com\/wp-json\/\"><link rel=\"alternate\" title=\"JSON\" type=\"application\/json\" href=\"https:\/\/cyberscoop.com\/wp-json\/wp\/v2\/posts\/82845\"><link rel=\"EditURI\" 
type=\"application\/rsd+xml\" title=\"RSD\" href=\"https:\/\/cyberscoop.com\/xmlrpc.php?rsd\">\n<meta name=\"generator\" content=\"WordPress 6.7.1\">\n<link rel=\"shortlink\" href=\"https:\/\/cyberscoop.com\/?p=82845\">\n<link rel=\"alternate\" title=\"oEmbed (JSON)\" type=\"application\/json+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Ftermite-ransomware-blue-yonder-disruption%2F\">\n<link rel=\"alternate\" title=\"oEmbed (XML)\" type=\"text\/xml+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Ftermite-ransomware-blue-yonder-disruption%2F&amp;format=xml\"> <!-- Google Tag Manager --> <!-- End Google Tag Manager --> <link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=32\" sizes=\"32x32\">\n<link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=192\" sizes=\"192x192\">\n<link rel=\"apple-touch-icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=180\">\n<meta name=\"msapplication-TileImage\" content=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=270\"> <\/head><body class=\"post-template-default single single-post postid-82845 single-format-standard\" id=\"readabilityBody\"> <a href=\"https:\/\/cyberscoop.com\/termite-ransomware-blue-yonder-disruption\/#main\" class=\"skip-to-content-link visually-hidden-focusable\">Skip to main content<\/a> <\/p>\n<div class=\"ad ad--top ad--top-desktop\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p> <main id=\"main\" role=\"main\" tabindex=\"-1\"> <\/p>\n<div class=\"ad ad--top ad--top-mobile\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<section id=\"stickybar\" 
class=\"stickybar stickybar--newsletter js-stickybar\" readability=\"0.82\"> <button class=\"stickybar__close js-stickybar-close\" aria-controls=\"stickybar\"> <svg class=\"icon icon--close\" width=\"21\" height=\"22\" viewBox=\"0 0 21 22\" fill=\"none\"><path d=\"m.822.518-.805.805L9.695 11 .017 20.678l.805.805 9.678-9.678 9.677 9.678.806-.805L11.305 11l9.678-9.677-.806-.805-9.677 9.677L.822.518Z\" fill=\"currentColor\" \/><\/svg> <span class=\"visually-hidden\">Close<\/span> <\/button> <\/section>\n<article class=\"single-article content\">\n<div class=\"single-article__container js-single-article-content\">\n<header class=\"single-article__header \" readability=\"24.592592592593\">\n<div class=\"single-article__header-content\" readability=\"33.020833333333\">\n<ul class=\"single-article__eyebrow\">\n<li class=\"single-article__category\"> <a class=\"single-article__category-link\" href=\"https:\/\/cyberscoop.com\/termite-ransomware-blue-yonder-disruption\/\"> <span>Cybercrime<\/span> <\/a> <\/li>\n<\/ul>\n<p> The ransomware looks to be a re-worked variant of Babuk. <\/p>\n<p> <!-- Listen to this article section --> <!-- Audio Element --><br \/>\n<audio id=\"audio-player\" src=\"https:\/\/wp-tts-cdn.api.scpnewsgrp.com\/cyberscoop\/82845\/english.openai.mp3\"><\/audio> <\/p>\n<div readability=\"11\">\n<div>\n<p>Listen to this article<\/p>\n<p> <!-- Countdown Timer --> <\/p>\n<p>0:00<\/p>\n<\/p><\/div>\n<p> <!-- Tooltip --> <\/p>\n<p> <span id=\"tts-tooltip\">Learn more.<\/span> <span> This feature uses an automated voice, which may result in occasional errors in pronunciation, tone, or sentiment. 
<\/span> <\/p>\n<\/div>\n<p> <!-- End of audio player --> <\/div>\n<div class=\"single-article__cover-wrap\">\n<figure class=\"single-article__cover\"> <img data-recalc-dims=\"1\" fetchpriority=\"high\" width=\"640\" height=\"427\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/12\/new-termite-ransomware-group-claims-responsibility-for-blue-yonder-cyberattack.jpg?resize=640%2C427&#038;ssl=1\" class=\"single-article__cover-image wp-post-image\" alt decoding=\"async\" fetchpriority=\"high\" srcset=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/12\/new-termite-ransomware-group-claims-responsibility-for-blue-yonder-cyberattack-2.jpg 1920w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/12\/new-termite-ransomware-group-claims-responsibility-for-blue-yonder-cyberattack-2.jpg?resize=300,200 300w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/12\/new-termite-ransomware-group-claims-responsibility-for-blue-yonder-cyberattack-2.jpg?resize=768,513 768w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/12\/new-termite-ransomware-group-claims-responsibility-for-blue-yonder-cyberattack-2.jpg?resize=1024,684 1024w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/12\/new-termite-ransomware-group-claims-responsibility-for-blue-yonder-cyberattack-2.jpg?resize=1536,1026 1536w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/12\/new-termite-ransomware-group-claims-responsibility-for-blue-yonder-cyberattack-2.jpg?resize=600,401 600w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/12\/new-termite-ransomware-group-claims-responsibility-for-blue-yonder-cyberattack-2.jpg?resize=252,168 252w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/12\/new-termite-ransomware-group-claims-responsibility-for-blue-yonder-cyberattack-2.jpg?resize=505,337 505w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/12\/new-termite-ransomware-group-claims-responsibility-for-blue-yonder-cyberattack-2.jpg?resize=1011,675 1011w, 
https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/12\/new-termite-ransomware-group-claims-responsibility-for-blue-yonder-cyberattack-2.jpg?resize=1263,843 1263w\" sizes=\"(max-width: 1011px) 100vw, 1011px\"><figcaption> (Getty Images) <\/figcaption><\/figure>\n<\/p><\/div>\n<\/header>\n<div class=\"single-article__content\">\n<div class=\"single-article__content-inner has-drop-cap\"> <html readability=\"28.19412191582\"><body readability=\"57.142791970803\"><\/p>\n<p>A newly formed ransomware group known as Termite has claimed responsibility for a ransomware attack on Blue Yonder, which disrupted operations at several major companies, including Starbucks and leading U.K. grocery chains Morrisons and Sainsbury\u2019s.<\/p>\n<p>Blue Yonder, headquartered in Arizona, disclosed on Nov. 21 that it was experiencing disruptions within its managed services-hosted environment <a href=\"https:\/\/cyberscoop.com\/blue-yonder-ransomware-impact-starbucks-supermarkets\/\">due to the attack<\/a>. This announcement was followed by confirmations of operational difficulties experienced by its customers, notably affecting Starbucks\u2019 payroll systems and causing warehouse management system issues at Morrisons.<\/p>\n<p>The Termite group claimed responsibility through its Tor-based website, posting that it has exfiltrated 680 gigabytes of data from Blue Yonder, including sensitive information such as databases, email addresses, and over 200,000 insurance documents. The threat actors have threatened to release segments of this data publicly if ransom demands are not met.<\/p>\n<p>In response, Blue Yonder confirmed that it is aware of the claims of unauthorized data access and has enlisted external cybersecurity experts to investigate and address these security breaches. 
\u201cWe are working diligently to understand the full extent of the situation and to support our affected customers,\u201d the company said in a statement.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>The Termite group uses ransomware that is a modified version of the Babuk ransomware, whose source code became public due to a leak several years ago.<\/p>\n<p>Termite\u2019s operational footprint, although relatively new, has rapidly expanded. Within a short span, the group has listed multiple victims across various sectors and countries. Recent attacks, in addition to Blue Yonder, include a breach of Conseil Scolaire Viamonde, a French-language school board in Toronto, and the French government of R\u00e9union.<\/p>\n<p>A bulletin <a href=\"https:\/\/www.broadcom.com\/support\/security-center\/protection-bulletin\/termite-ransomware\">published by Broadcom<\/a> last month said that Termite has been rather indiscriminate in its targeting, attacking government agencies, education, disability support services, oil and gas, water treatment, and automotive manufacturing organizations. 
Alpharetta, Ga.-based Cyble <a href=\"https:\/\/cyble.com\/blog\/technical-look-at-termite-ransomware-blue-yonder\/\">has published technical details<\/a> that examine how the malware functions.&nbsp;<\/p>\n<p><\/body> <\/p>\n<footer class=\"single-article__footer\" readability=\"4.0763765541741\">\n<div class=\"author-card\" readability=\"14\">\n<div class=\"author-card__avatar\">\n<figure class=\"author-card__image-wrap\"> <img data-recalc-dims=\"1\" decoding=\"async\" class=\"author-card__image\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/12\/new-termite-ransomware-group-claims-responsibility-for-blue-yonder-cyberattack-1.jpg?w=640&#038;ssl=1\" alt=\"Greg Otto\"> <\/figure>\n<\/p><\/div>\n<p><h4 class=\"author-card__name\">Written by Greg Otto<\/h4>\n<p> Greg Otto is Editor-in-Chief of CyberScoop, overseeing all editorial content for the website. Greg has led cybersecurity coverage that has won various awards, including accolades from the Society of Professional Journalists and the American Society of Business Publication Editors. Prior to joining Scoop News Group, Greg worked for the Washington Business Journal, U.S. News &amp; World Report and WTOP Radio. He has a degree in broadcast journalism from Temple University. 
<\/p>\n<\/p><\/div>\n<div class=\"single-article__tags-container\">\n<h4 class=\"single-article__tags-title\">In This Story<\/h4>\n<\/p><\/div>\n<\/footer>\n<p> <\/html><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"single-article__ads js-single-article-sidebar\">\n<div class=\"ad ad--sidebar js-single-article-sidebar-5 ad--rightrail_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-4 ad--rightrail_2 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-3 ad--rightrail_3 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div><\/div>\n<\/article>\n<section class=\"latest-podcasts\">\n<h2 class=\"latest-podcasts__title\"> Latest Podcasts\t<\/h2>\n<\/section>\n<div class=\"top-categories\">\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Government<\/h3>\n<\/p><\/div>\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Technology<\/h3>\n<\/p><\/div>\n<\/p><\/div>\n<p> <\/main> <\/p>\n<div class=\"ad ad--bottom \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div id=\"interstitial\" class=\"welcome__container\"> <button id=\"close-modal-1\" class=\"welcome__clickable_area\"><\/button> <\/p>\n<div class=\"welcome__ad_wrapper\">\n<p> <button id=\"close-modal-3\" class=\"welcome__continue-button\">Continue to CyberScoop<\/button> <\/p>\n<\/p><\/div>\n<\/p><\/div>\n<p> <!-- Start of HubSpot Embed Code --> <!-- End of HubSpot Embed Code --> <\/body> <a href=\"https:\/\/cyberscoop.com\/termite-ransomware-blue-yonder-disruption\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>New \u2018Termite\u2019 ransomware group claims responsibility for Blue Yonder 
cyberattack<\/p>\n","protected":false},"author":11,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[3237,3215,282,46,3218,3295,288],"tags":[3238,3219,286,54,3222,3296,294],"class_list":["post-6542","post","type-post","status-publish","format-standard","hentry","category-babuk","category-blue-yonder","category-cybercrime","category-ransomware","category-starbucks","category-termite-ransomware","category-threats","tag-babuk","tag-blue-yonder","tag-cybercrime","tag-ransomware","tag-starbucks","tag-termite-ransomware","tag-threats"],"featured_image_urls":{"full":"","thumbnail":"","medium":"","medium_large":"","large":"","1536x1536":"","2048x2048":"","chromenews-featured":"","chromenews-large":"","chromenews-medium":""},"author_info":{"display_name":"Cyber Scoop","author_link":"https:\/\/ddi.mohflo.net\/index.php\/author\/cyberscoop\/"},"category_info":"<a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/babuk\/\" rel=\"category tag\">Babuk<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/blue-yonder\/\" rel=\"category tag\">Blue Yonder<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cybercrime\/\" rel=\"category tag\">cybercrime<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/ransomware\/\" rel=\"category tag\">ransomware<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/starbucks\/\" rel=\"category tag\">Starbucks<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/termite-ransomware\/\" rel=\"category tag\">Termite ransomware<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/threats\/\" rel=\"category 
tag\">Threats<\/a>","tag_info":"Threats","comment_count":"0","jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/6542","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/users\/11"}],"replies":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/comments?post=6542"}],"version-history":[{"count":0,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/6542\/revisions"}],"wp:attachment":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media?parent=6542"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/categories?post=6542"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/tags?post=6542"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}