Conti ransomware gang attacks image-sharing company Shutterfly

January 28, 2022

Shutterfly, an image-sharing company and photography giant, has been hit with a ransomware attack carried out by the Conti threat actors. The attack encrypted over 4,000 of their clients’ devices and 120 VMware ESXi servers, compromising their corporate data.

Security researchers stated that their research had not uncovered any negotiation between the victim and the Conti threat group. However, the image-sharing company said it is currently communicating with the threat actors, who are demanding millions of dollars in ransom.

Ransomware threat groups typically spend days, up to several weeks, stealing their victims’ confidential data and documents before encrypting them. They do so because the stolen data gives them leverage to demand a higher ransom in exchange for not releasing the victims’ compromised data or selling it on the dark web.

As part of a so-called ‘double-extortion’ tactic, the Conti ransomware gang has published a private leak page for Shutterfly, which contains screenshots of files that they allegedly stole from the company.

If Shutterfly fails to pay the ransom demand, the gang threatens to release the stolen data publicly or sell it to hackers.

The screenshots shared by the Conti ransomware gang include financial account information, login credentials, legal agreements and documents, spreadsheets, and customer information, which is said to include credit card details.

Aside from the stolen sensitive data, Conti also says it has Shutterfly’s source code for its e-commerce store. However, researchers have not yet confirmed whether the source code is from the image-sharing company’s main website, Shutterfly.com, or another site.

The researchers contacted Shutterfly regarding their findings on the ransomware attack, including how the Conti ransomware gang allegedly holds a large amount of the image-sharing company’s sensitive corporate data and its clients’ financial information. Shutterfly responded that it has teamed up with other cybersecurity services to learn more about the scope of the incident and will give appropriate updates as it can.

The Conti ransomware gang is notorious within the cybercrime landscape and is run by Russian hackers who have also operated malware such as BazarLoader, Ryuk, and Trickbot. Upon gaining access to their victims’ internal servers, they spread across the network to steal data and execute ransomware.
