US-based supply chain SaaS vendor Blue Yonder has revealed a service disruption caused by ransomware, and its customers are reportedly struggling to get goods onto shelves as a result.

The vendor last week informed customers that on November 21 it “experienced disruptions to its managed services hosted environment, which was determined to be the result of a ransomware incident.”

On November 23 the firm updated its post with news that “The Blue Yonder team is continuing to work around the clock, together with our external cyber security firms, to safely restore systems, resulting in steady progress.”

But the next day it conceded that the work hadn’t progressed to the point at which it was willing to forecast when the managed services environment would resume operations.

We’ve asked Blue Yonder to detail the incident, and it told us it’s worked with external cyber security firms “to make progress in their recovery process” and “implemented several defensive and forensic protocols.” But that’s all we know for now.

Blue Yonder’s customers, however, are reportedly suffering.

The Wall Street Journal reports that payroll and staff scheduling systems at “coffee” chain Starbucks are in strife as a result of the incident – but it remains capable of selling its wares.

UK Trade publication The Grocer reports that supply chains are kinked at UK retailers Morrisons and Sainsbury’s.

Morrisons told the publication it’s reverted to a backup process, “but the outage has caused the smooth flow of goods to our stores to be impacted.” Sainsbury’s has also reportedly fallen back on its Plan B for supply chain management.

CNN reports that Blue Yonder is working to ensure US-based customers aren’t impacted.

The Register asked Blue Yonder for details on how it became infected, the data impacted in the incident, the identity of the attacker, and any ransom demand, but its only response was the generic PR reply above.

The incident highlights the potential for ransomware, or other systems failures, to disrupt vital supply chains – as happened when ransomware took out gas supplier Colonial Pipeline. Thankfully, this attack appears not to be making it hard to shop for Thanksgiving feasts in the US, and has come (hopefully) too far before Christmas to put that holiday’s retail peak at risk. ®