Online retail and photography manufacturing platform Shutterfly has disclosed a data breach that exposed employee information after threat actors stole data during a Conti ransomware attack. Shutterfly offers photography-related services to consumers, the enterprise, and education through various brands, including Shutterfly.com, BorrowLenses, GrooveBook, Snapfish, and Lifetouch. Today, Shutterfly disclosed that its network was breached on December 3rd, 2021, due to a ransomware attack.
Despite it only being March, we have already seen plenty of headlines in the news this year about organisations suffering from data breaches. Unfortunately, photograph retailer Shutterfly has joined the long list after customer and employee information was stolen by the Conti ransomware group.
The attack could potentially have both long-lasting and damaging impacts on employees and customers whose personal information has been compromised. Stolen data, such as bank account information, could end up being sold, and subsequently bought, on the dark web and used for other crimes, such as fraud and phishing attacks. Shutterfly formally disclosed the breach; however, it is not known if they have paid a ransom at this point. Paying a ransom to these criminal organisations is never a guarantee of data security and often leads to a double extortion attempt.
Knowing that personal data has been stolen is an awful position to be in, irrespective of whether you’re an employee, a customer or an IT support team trying to recover systems. Therefore, it is the duty of organisations to ensure that they stop ransomware attacks before they execute.
Having endpoint detection and response (EDR) as your only defence against cyberattacks is no longer enough. EDR solutions need malware to execute before it can be picked up as malicious, and even then, this process can take hours or days. This process is too slow when some of the fastest ransomware encrypts within 15 seconds of being executed. Instead, organisations need to be implementing prevention-first solutions which can stop ransomware attacks before they encrypt.
Solutions such as deep learning, an advanced subset of AI, can stop malware before it has the chance to encrypt data, closing the gap between EDR and the open risk surface. Deep learning delivers a sub-20 millisecond response time, stopping a cyberattack before it can execute and take hold of an organisation’s network. With solutions like deep learning, organisations can stop ransomware attacks quicker than a camera’s snapshot, and not have the lingering fear of being the next business to suffer a data breach.
This attack is just the latest example of the growing threat of ransomware and threat actors’ intense focus on getting their hands on any sensitive data from which they can profit. Any business should expect that a ransomware attack could be imminent. This is not alarmism but realism. Proper preparatory actions should include tightening the internal culture of data privacy and security (such as all employees knowing how to treat suspicious emails and inquiries for sensitive information), but more importantly, companies can help to mitigate future attacks by applying data protections directly to sensitive information. For example, by tokenizing data that should not be disclosed, the company can ensure that even if threat actors get their hands on the tokenized data, they cannot leverage or profit from it because its meaning is obfuscated. The situation with KP Snacks should be viewed as food for thought for other organizations that might be next at the buffet table of cyber-attacks.