The replies are incredibly elucidating on the impact (things like payroll for Starbucks, and the fact that this is VMWare powered private cloud).
The full text of Kevin Beaumont toots:
The Blue Yonder SaaS ransomware incident is bad.
They got into their Private Cloud environment at hypervisor level, deleted the DR and backup storage, then encrypted all 5 datacenters.
On this - Blue Yonder, aside from doing supply chain management (how many Pot Noodles you should order per day per store etc), they also sell a HR suite called Blue Yonder Workforce Management, or WFM. It's another SaaS solution, does HR stuff, payroll etc. WFM was hosted in their private cloud and is toast.
One of the Blue Yonder things is they have absolutely nothing about the situation on their website - just a list of customers, many of whom are mentioned in the press as suffering. They’re on day four.
I’m sure the silence is intentional, they’re a subsidiary of Panasonic. It seems like this story is just starting to hit the press, and Blue Yonder publicly commenting on it would surely validate concerns around the severity of the incident. It doesn’t really benefit them to proactively communicate at this point.
The full text of Kevin Beaumont toots:
The Blue Yonder SaaS ransomware incident is bad.
They got into their Private Cloud environment at hypervisor level, deleted the DR and backup storage, then encrypted all 5 datacenters.
On this - Blue Yonder, aside from doing supply chain management (how many Pot Noodles you should order per day per store etc), they also sell a HR suite called Blue Yonder Workforce Management, or WFM. It's another SaaS solution, does HR stuff, payroll etc. WFM was hosted in their private cloud and is toast.
One of the Blue Yonder things is they have absolutely nothing about the situation on their website - just a list of customers, many of whom are mentioned in the press as suffering. They’re on day four.
Learning: have a comms plan.
reply