
Shutterfly hit by ransomware attack

Popular photography and image sharing company Shutterfly recently admitted parts of its network had fallen victim to a ransomware attack.

An investigation is underway, with the notorious Conti Ransomware Group believed to be behind the incident, which has led to data being stolen and encrypted.

Attack disrupts several parts of the Shutterfly network

In its blog post disclosing the incident, Shutterfly clarified which parts of its network were and were not thought to have been affected.

The ransomware attack didn’t affect:

  • Shutterfly.com
  • Snapfish
  • TinyPrints
  • Spoonflower

Unfortunately, the ransomware attack did lead to disruption for:

  • Groovebook
  • Parts of Lifetouch and BorrowLenses
  • Manufacturing processes
  • Some of Shutterfly’s corporate systems

It is thought that thousands of personal and corporate devices have been compromised due to this attack. However, Shutterfly has stated it believes there is a low probability that any sensitive personal data is at risk. The company said it doesn’t store “credit card, financial account information or the Social Security numbers” of customers.

Conti the culprit as ransom demands emerge

Conti was first named as the perpetrator of this attack by an anonymous source speaking to Bleeping Computer. Conti is reportedly demanding a multimillion-dollar ransom payment from Shutterfly. At the same time, a data leak website has also been set up showing screenshots of what are alleged to be files stolen from the business.

The files on display include images of:

  • Legal agreements
  • Financial and account information
  • Credentials
  • Customer information

Despite Shutterfly’s claim that it didn’t hold sensitive financial data, Conti allegedly did acquire this information and has already started leaking credit card details.

Conti has also exploited the Log4j flaw that has garnered significant attention recently.

Conti is notorious for targeting healthcare and educational institutions, primarily in Europe and the United States. They are one of the most active cybercrime groups globally, with cybersecurity experts and intelligence suggesting their activity is continuing to increase.

A waiting game to see what happens next

At the time of writing, Shutterfly continued to direct any questions about the incident back to its initial disclosure.

Of significant interest to many industry analysts is the claim that Conti is leaking credit card details despite Shutterfly stating they didn’t hold such data and that what they did hold wasn’t compromised.

Shutterfly is continuing to collaborate with both law enforcement and cybersecurity specialists to assess the full impact of this ransomware attack. While Shutterfly has said it will provide ongoing updates on the situation, it is unknown whether the company is considering paying the ransom demand or is negotiating with Conti around its terms.

Given the volume of data reportedly already being leaked, there’s a significant chance that, even if Shutterfly does pay a sum to Conti, all the stolen data will end up in the hands of other cybercrime groups anyway.
