Shutterfly Targeted
Photography company Shutterfly was the victim of a Conti ransomware attack, according to Check Point Research’s latest threat intelligence bulletin.
Some 4,000 devices were encrypted, as well as 120 VMware ESXi servers. The stolen data includes legal agreements, bank account information, login credentials, spreadsheets and customer credit card information.
Matthew Warner is CTO and co-founder at Blumira, a provider of automated threat detection and response technology.
“The double extortion tactic that Conti used in the Shutterfly attack is happening with many ransomware groups today,” he said. “It’s not a good situation to be in when the attackers have taken all of your data and everything is encrypted. A better conversation to have is, ‘they’ve encrypted all of our data and they want money to decrypt it.’ If you don’t have visibility into that data, then your attack is likely to not be covered by cyber insurance, either. The natural evolution of holding data for ransom is to continue that into blackmailing for data exposure. This is one of the main reasons that paying the bounty is almost never a good idea and should be avoided at all costs. Organizations have no way to know that data won’t be exposed after paying. Expecting integrity from criminals is a dangerous game.”
It’s extremely important that organizations focus on detecting the first three steps of a ransomware attack, Warner said. Those are discovery, gaining a foothold and escalating privileges.
“Detection, in addition to being aware as to what data you hold, will allow you to quickly respond to attacks and worst case be sure of post-exploitation handling of a ransomware event,” he said.