Shutterfly Hit with Ransomware Attack

Colin Thierry Colin Thierry

Photography company Shutterfly announced in a Dec. 26 statement that it had been hit by a ransomware attack that impacted some of its services. This attack made Shutterfly the latest in a string of companies to be targeted by hackers in a ransomware attack.

The company noted in the statement, which is posted to its website, that the incident had impacted significant portions of the LifeTouch and BorrowLenses businesses, Groovebook, manufacturing, and some corporate systems. However, and other related websites were not hit in the attack.

“We engaged third-party cybersecurity experts, informed law enforcement, and have been working around the clock to address the incident,” Shutterfly wrote in the statement. “As part of our ongoing investigation, we are also assessing the full scope of any data that may have been affected.”

As of Sunday, the company was not aware of what data had been compromised, but it emphasized that credit card numbers, Social Security numbers, and other sensitive information were not stored in Shutterfly’s system.

“None of that information was impacted in this incident,” the company wrote. “However, understanding the nature of the data that may have been affected is a key priority and that investigation is ongoing. We will continue to provide updates as appropriate.”

According to multiple reports on Monday, the Conti hacking gang was behind the ransomware attack, which involved encrypting around 4,000 Shutterfly devices beginning the week of Dec. 13. Reportedly, the hackers were also demanding millions of dollars in ransom payments and threatened to release stolen pages of legal agreements, login credentials, and other sensitive information if their demands were not met.

The Conti ransomware strain is one of the most common strains currently in use by hackers around the world. A coalition of US federal agencies issued a joint alert in September warning organizations to be vigilant of the dangers related to Conti ransomware attacks.

As of September, the agencies noted that around 400 US and international groups had fallen victim to the ransomware variant, including healthcare and first responder organizations.

About the Author

About the Author

Colin Thierry is a former cybersecurity researcher and journalist for SafetyDetectives who has written a wide variety of content for the web over the past 2 years. In his free time, he enjoys spending time outdoors, traveling, watching sports, and playing video games.