It has been almost a week since Blue Yonder admitted to The Grocer that ransomware had been detected on its systems

A ransomware attack on forecaster Blue Yonder is still affecting UK supermarket supply chains, almost a week since it started.

Morrisons, which uses Blue Yonder’s demand forecasting and replenishment solution software primarily for fresh produce and chilled foods, said it was continuing to use a back-up system to mitigate the problem.

The availability issues have prompted several shoppers to complain on social media platform X, posting pictures of “empty shelves” across these categories in stores.

Morrisons’ wholesale and convenience customers have also reported an impact to chilled supply, with availability on some lines falling between 50% and 70%.

The Grocer understands, however, the majority of its estate is operating with high levels of supply.

“We are recovering quickly and our back-up system is working well,” said a Morrisons spokesman. “In some supermarkets there are still a few areas and product lines where availability has not yet fully recovered, but we are making good progress.”

Sainsbury’s also put contingencies in place following the outage, but has since restored its service with Blue Yonder.

“We put contingency processes in place to ensure smooth supply for our customers and our service has since been restored,” said a Sainsbury’s spokeswoman.

Blue Yonder’s other retail customers, including Asda, Tesco and Waitrose, as well as a raft of consumer goods suppliers, remain unaffected.

Hackers affecting supply

The attack has also hit Starbucks in the US. A spokesperson for the coffee chain said it had “disrupted a back-end Starbucks process that enables employee scheduling and time tracking”.

The business has reverted to manual processes to ensure employees are paid for their hours worked.

As revealed by The Grocer last week, Blue Yonder admitted that “ransomware has been detected” which was affecting its private cloud. Ransomware is a type of malware attack that locks a victim’s files, systems, or networks and demands payment to regain access.

Blue Yonder’s latest update to customers, posted on 24 November, read: “The Blue Yonder team is working around the clock to respond to this incident and continues to make progress.”

Analysis seen by The Grocer indicates hackers are trading stolen Blue Yonder employee and customer credentials, obtained by hacking their work PCs, on the dark web. No group has yet claimed to be behind the hack.

“Blue Yonder is unfortunately not the first company in the food supply chain to be hit by a ransom, with Microlise hit earlier in November,” said Andrew Martin, CEO of cybersecurity firm DynaRisk.

“Companies should be looking to strengthen identity security and privileged access, ensure all employees are trained on cybersecurity policies and have controls like Endpoint Detection & Response technology deployed, along with backups.

“Companies in the food and beverage supply chain from technology to wholesale and retail should be looking at their security controls and insurance strategy to ensure they are adequately protecting themselves and their customers.”