Blue Yonder ransomware attack disrupts grocery store supply chain
by Bill Toulas · BleepingComputerSupply chain management firm Blue Yonder is warning that a ransomware attack caused significant disruption to its services, with the outages impacting grocery store chains in the UK.
Blue Yonder (formerly JDA Software) operates as a Panasonic subsidiary with an annual revenue of over a billion USD and 6,000 employees.
The company offers AI-driver supply chain solutions to retailers, manufacturers, and logistics providers, encompassing demand forecasting, inventory optimization, and transportation management.
Among its 3,000 customers are high-profile organizations like DHL, Renault, Bayer, Morrisons, Nestle, 3M, Tesco, Starbucks, Ace Hardware, Procter & Gamble, Sainsbury, and 7-Eleven.
Ransomware attack disrupts supply chain
On Friday, the company warned that it was experiencing disruptions to its managed services hosting environment due to a ransomware incident that occurred the day before, on November 21.
"On November 21, 2024, Blue Yonder experienced disruptions to its managed services hosted environment, which was determined to be the result of a ransomware incident," reads the announcement.
"Since learning of the incident, the Blue Yonder team has been working diligently together with external cybersecurity firms to make progress in their recovery process. We have implemented several defensive and forensic protocols."
Blue Yonder claims it has detected no suspicious activity in its public cloud environment and is still processing multiple recovery strategies.
The managed services environment refers to the infrastructure and systems that Blue Yonder operates on behalf of its customers, typically including SaaS platforms and cloud-hosted solutions for supply chain operations.
As expected, this has impacted clients directly, as a spokesperson for UK grocery store chain Morrisons has confirmed to the media they have reverted to a slower backup process. Sainsbury told CNN that it had contigency plans in place to overcome the disruption.
A Saturday update informed customers that the restoration of the impacted services continued, but no specific timelines for complete restoration could be shared yet.
Another update published on Sunday reiterated the same, urging clients to monitor the customer update page on Blue Yonder's website over the coming days.
As of publishing, the company has not issued an update about the situation yet, so it's assumed that the managed services environment remains impacted.
BleepingComputer has not yet seen any announcements from ransomware gangs taking responsibility for the attack at Blue Yonder.
Update 11/26 - The cyberattack at Blue Yonder has reportedly also impacted Starbucks, that has now resorted to paying its staff via manual procedures.