A ransomware attack on supply chain management software provider Blue Yonder has caused significant disruptions for some of the company’s customers, including several major firms. 

Arizona-based Blue Yonder revealed on November 21 that its managed services hosted environment had been experiencing disruptions due to a ransomware attack. 

The company immediately launched an investigation and started working on restoring impacted services. In the latest update shared on its website on November 24, Blue Yonder said it had been making steady progress, but did not have a timeline for fully restoring services. 

Blue Yonder said it hired a cybersecurity firm to assist its investigation and restoration efforts, but did not share any other information on the attack itself.

No known ransomware group appears to have taken credit for the attack. However, these types of cybercrime groups only name victims and leak data (if they have stolen any) if the victim refuses to pay up or negotiations stall. 

Blue Yonder provides an end-to-end supply chain platform and claims to have over 3,000 customers across 76 countries, including retailers, manufacturers and logistics services providers.

Several high-profile customers have confirmed being impacted by the service disruptions at Blue Yonder. One of them is Starbucks, which said the incident impacted its ability to pay baristas and manage employee schedules. 

In the UK, two of the biggest grocery store chains — Morrisons and Sainsbury’s — have been hit, according to The Grocer.

Morrisons, which uses Blue Yonder solutions for warehouse management, has been using a manual backup system due to the outage. The supermarket said the incident has impacted deliveries from suppliers and the availability of some products. 

Sainsbury’s also confirmed being hit, but said it has procedures in place to mitigate the impact of the incident. 

According to CNN, Blue Yonder solutions are also used by US grocery chains, including Albertsons and Kroger, as well as other types of companies such as Ford, Procter & Gamble, and Anheuser-Busch, but it’s unclear if they have been impacted in any way.

Related: Polyfill Supply Chain Attack Hits Over 100k Websites 

Related: GitLoker Strikes Again: New “Goissue” Tool Targets GitHub Developers and Corporate Supply Chains

Related: Lottie-Player Supply Chain Attack Targets Cryptocurrency Wallets

Related: North Korean APT Exploited IE Zero-Day in Supply Chain Attack