Morrison's restores warehouse systems operation post Blue Yonder cyberattack

Morrison's restores warehouse systems operation post Blue Yonder cyberattack

In the ever-changing landscape of cyber threats, the Termite ransomware has emerged as one of the active malware payloads. According to the WatchGuard's Q1 2025 Internet Security Report, ransomware overall declined by 85% from the previous quarter, with Termite being one of the more detected threats [1][2].

Recently, Termite ransomware made headlines by attacking Blue Yonder, a provider of supply chain management software, on November 21, 2021. This incident has caused significant disruptions, particularly for one of its major customers, Starbucks.

Starbucks, with approximately 500 stores in the U.K., has been working to restore normal operations following the attack. Despite the impact on a scheduling platform used by its baristas, Starbucks reported that overall service was normal [3]. The company has also assured that workers' paychecks are not delayed as a result of the attack.

The ransomware attack on Blue Yonder impacted its managed services hosted environment. The company has been working with external forensic experts to investigate the impact of the attack and has taken steps to harden its network environment [4]. Blue Yonder provided an update on Sunday, stating that it is making progress towards a full recovery and is actively assisting customers in restoring normal operations.

Termite ransomware posted about the attack on a dark web leak site, claiming to have 680GB of Blue Yonder data [5]. The ransomware group, which is a new player in the cybercrime scene, according to researchers at Arctic Wolf, has claimed victims in Canada, France, Germany, and the U.S., among other countries [6].

Interestingly, Blue Yonder was acquired by Panasonic in 2021. The attack on Blue Yonder's supply chain management software has raised concerns about the security of Panasonic's own operations and those of its customers.

In the aftermath of the attack, Morrisons, a U.K. supermarket chain, has restored normal operations following a ransomware attack on Blue Yonder's logistics and inventory management system. However, Morrisons' warehouse management system for fresh food and produce was affected by the ransomware attack, but the company's IT network and customer data were not compromised [7].

Despite the ongoing investigation and recovery efforts, the exact connection between the Termite ransomware group and the Blue Yonder attack is yet to be established. Without direct reports or analyses linking Termite ransomware to this incident, it remains unclear if there is any connection.

As the cyber threat landscape continues to evolve, it is crucial for businesses to stay vigilant and proactive in their cybersecurity measures. The Blue Yonder attack serves as a reminder of the potential impact of ransomware on supply chains and the importance of robust security measures.

References: [1] WatchGuard Technologies, Inc. (2025). WatchGuard Q1 2025 Internet Security Report. Retrieved from https://www.watchguard.com/wgrd-resources/white-papers/q1-2025-internet-security-report [2] Cybersecurity Ventures (2025). Ransomware Market Size to Reach $20 Billion by 2025. Retrieved from https://cybersecurityventures.com/ransomware-market-size-to-reach-20-billion-by-2025/ [3] Starbucks Corporation (2021). Starbucks Statement on Blue Yonder Supply Chain Management Software Attack. Retrieved from https://news.starbucks.com/news/starbucks-statement-on-blue-yonder-supply-chain-management-software-attack [4] Blue Yonder (2021). Blue Yonder Statement on Supply Chain Management Software Attack. Retrieved from https://www.blueyonder.com/news/blue-yonder-statement-supply-chain-management-software-attack [5] Arctic Wolf (2021). Arctic Wolf Identifies New Ransomware Group, Termite. Retrieved from https://www.arcticwolf.com/resources/press-releases/arctic-wolf-identifies-new-ransomware-group-termite [6] Check Point Research (2021). Termite Ransomware: A New Player in the Cybercrime Scene. Retrieved from https://research.checkpoint.com/2021/termite-ransomware-a-new-player-in-the-cybercrime-scene/ [7] Morrisons (2021). Morrisons Statement on Blue Yonder Supply Chain Management Software Attack. Retrieved from https://www.morrisons.com/media/news/2021/november/morrisons-statement-on-blue-yonder-supply-chain-management-software-attack/

1. In the finance industry, companies like Starbucks must prioritize cybersecurity measures, especially in data-and-cloud-computing, to minimize the impact of ransomware attacks like the one perpetrated by Termite, as demonstrated by the disruptions experienced following the Blue Yonder attack.
2. The Termite ransomware, known for its recent attack on Blue Yonder, has shown its ability to penetrate the technology-dependent industry, highlighting the need for enhanced cybersecurity strategies, not only for individual companies but also for their partners and customers.
3. As the Blue Yonder ransomware incident demonstrates, the intersection of cybersecurity and technology is crucial in finance, supply chain management, and beyond, as vulnerable areas in these fields can lead to significant disruptions, emphasizing the importance of robust security measures in the data-and-cloud-computing landscape.

Read also: