Conti ransomware impacts Shutterfly

BleepingComputer reports that photography and image sharing firm Shutterfly has disclosed being hit by a Conti ransomware attack nearly two weeks ago, resulting in the encryption of more than 4,000 devices and 120 VMware ESXi servers. A dedicated Shutterfly data leak page created by Conti contains screenshots of files claimed to have been stolen during the attack, which reportedly include legal documents, corporate services' login credentials, spreadsheets, and bank and merchant account information, as well as potential customer data and the Shutterfly store's source code, for which the group is reportedly asking for millions of dollars in ransom. While Shutterfly reported that the attack led to disrupted services on their corporate network, BorrowLenses, Lifetouch, and Groovebook, attackers were not able to compromise the Shutterfly.com, TinyPrints, Spoonflower, and Snapfish sites. "We do not store credit card, financial account information or the Social Security numbers of our Shutterfly.com, Snapfish, Lifetouch, TinyPrints, BorrowLenses, or Spoonflower customers, and so none of that information was impacted in this incident," said Shutterfly.