American photography company Shutterfly has experienced a ransomware attack on parts of its networks, the company confirmed in a statement late Sunday night.
“We engaged third-party cybersecurity experts, informed law enforcement, and have been working around the clock to address the incident,” the company said in a statement shared with CyberScoop.
The company declined to comment on whether it was actively negotiating with the cybercriminals behind the ransomware attack. The company says that credit card, financial account information and Social Security numbers were not affected.
“However, understanding the nature of the data that may have been affected is a key priority and that investigation is ongoing,” the company said.
The attack appears to be the work of the Conti ransomware group, according to screenshots of the gang’s leak page first obtained by cybersecurity news outlet Bleeping Computer. Stolen data shown on the screenshots “include legal agreements, bank and merchant account info, login credentials for corporate services, spreadsheets, and what appears to be customer information, including the last four digits of credit cards.”
Conti runs “double extortion” campaigns in which hackers encrypt and steal files. In the scheme, they demand a ransom from the victim in order to restore access to the systems; if the victim doesn’t pay, the actors threaten to leak the stolen data.
Conti has been linked to several major attacks, including against the Tulsa police and Ireland’s public health system. The Department of Homeland Security’s cybersecurity agency, the FBI and the National Security Agency in September warned of an increase in Conti ransomware attacks.
The ransomware attack did not impact Shutterfly.com, Snapfish, TinyPrints or Spoonflower sites, according to the company.
Updated 12/27/21: To include additional information from Shutterfly.