conti attacks Shutterfly inc.
Shutterfly Inc. Targeted by Conti Ransomware Group
Company Profile
Shutterfly Inc., headquartered in Redwood City, California, is a prominent player in the online retail and photography manufacturing industry. The company, which boasts a workforce of approximately 7,094 employees, generates over $2 billion in annual revenue. Shutterfly Inc. offers a wide range of photography-related services to consumers, enterprises, and educational institutions through its various brands, including Shutterfly.com, BorrowLenses, GrooveBook, Snapfish, and Lifetouch.
Vulnerabilities and Impact
In December 2021, Shutterfly fell victim to a ransomware attack orchestrated by the Conti group. This cyberattack encrypted more than 4,000 devices and 120 VMware ESXi servers owned by the company. The breach led to the unauthorized access and theft of sensitive employee data, such as names, salary details, and information related to FMLA leave and workers’ compensation claims. Shutterfly publicly acknowledged the data breach on March 22, 2022, and initiated the process of sending data breach notification letters to the impacted individuals.
Response and Mitigation
Shutterfly responded promptly to the ransomware attack by disconnecting affected systems from the network, applying security patches provided by MOVEit, and conducting a thorough forensic investigation with the help of leading cybersecurity firms. While the company did not disclose details regarding the ransom demand, it assured that measures were taken to secure both customer and employee data post-attack.
Previous Attacks
The December 2021 ransomware attack on Shutterfly was not an isolated incident but part of a broader campaign by the Conti group. This campaign targeted numerous organizations across different sectors, including Shell, Deutsche Bank, the University of Georgia (UGA) and University System of Georgia (USG), UnitedHealthcare Student Resources (UHSR), Heidelberger Druck, and Landal Greenparks. Shutterfly's experience underscores the pervasive threat of ransomware attacks and the critical need for vigilant cybersecurity practices.
Sources
- Shutterfly Inc. - Official Website
- Shutterfly Inc. - New Hampshire Attorney General
- Data Breach Alert: Shutterfly, Inc. - URL not found
- Shutterfly discloses data breach after Conti ransomware attack - URL not found
See Halcyon in action
Interested in getting a demo?
Fill out the form to meet with a Halcyon Anti-Ransomware Expert!