{
	"id": "c4c4af44-ef9b-475f-901e-d3c8687792a8",
	"created_at": "2026-04-06T00:18:52.201799Z",
	"updated_at": "2026-04-10T03:33:30.040126Z",
	"deleted_at": null,
	"sha1_hash": "c908cbcd30555ffd6219dcaec7e84fea8656e423",
	"title": "Shutterfly services disrupted by Conti ransomware attack",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 2270378,
	"plain_text": "Shutterfly services disrupted by Conti ransomware attack\r\nBy Lawrence Abrams\r\nPublished: 2021-12-27 · Archived: 2026-04-05 20:44:50 UTC\r\nPhotography and personalized photo giant Shutterfly has suffered a Conti ransomware attack that allegedly encrypted\r\nthousands of devices and stole corporate data.\r\nAlthough many associate Shutterfly with their website, the company's photography-related services are aimed at consumer,\r\nenterprise, and education customers through various brands such as GrooveBook, BorrowLenses, Shutterfly.com, Snapfish,\r\nand Lifetouch.\r\nThe main website can be used to upload photos to create photo books, personalized stationary, greeting cards, post cards,\r\nand more.\r\nhttps://www.bleepingcomputer.com/news/security/shutterfly-services-disrupted-by-conti-ransomware-attack/\r\nPage 1 of 5\n\n0:00\r\nhttps://www.bleepingcomputer.com/news/security/shutterfly-services-disrupted-by-conti-ransomware-attack/\r\nPage 2 of 5\n\nVisit Advertiser websiteGO TO PAGE\r\nShutterfly suffers a Conti ransomware attack\r\nOn Friday, a source told BleepingComputer that Shutterfly suffered a ransomware attack approximately two weeks ago by\r\nthe Conti gang, who claims to have encrypted over 4,000 devices and 120 VMware ESXi servers.\r\nWhile BleepingComputer has not seen the negotiations for the attack, we are told that they are in progress and that the\r\nransomware gang is demanding millions of dollars as a ransom.\r\nBefore ransomware gangs encrypt devices on corporate networks, they commonly lurk inside for days, if not weeks, stealing\r\ncorporate data and documents. These documents are then used as leverage to force a victim to pay a ransom under the threat\r\nthat they will be publicly released or sold to other hackers.\r\nConti has created a private Shutterfly data leak page containing screenshots of files allegedly stolen during the ransomware\r\nattack, as part of this \" double-extortion\" tactic. The attackers threaten to make this page public if a ransom is not paid.\r\nPrivate data leak page on Conti dark web site\r\nBleepingComputer has been told that these screenshots include legal agreements, bank and merchant account info, login\r\ncredentials for corporate services, spreadsheets, and what appears to be customer information, including the last four digits\r\nof credit cards.\r\nConti also claims to have the source code for Shutterfly's store, but it is unclear if the ransomware gang means\r\nShutterfly.com or another website.\r\nAfter contacting Shutterfly on Friday about the attack, BleepingCompuer was sent a statement confirming the ransomware\r\nattack late Sunday night. \r\nhttps://www.bleepingcomputer.com/news/security/shutterfly-services-disrupted-by-conti-ransomware-attack/\r\nPage 3 of 5\n\nThis statement, shown in its entirety below, says that the Shutterfly.com, Snapfish, TinyPrints, or Spoonflower sites were not\r\naffected by the attack. However, their corporate network, Lifetouch, BorrowLeneses, and Groovebook had disrupted\r\nservices.\r\n\"Shutterfly, LLC recently experienced a ransomware attack on parts of our network. This incident has not\r\nimpacted our Shutterfly.com, Snapfish, TinyPrints or Spoonflower sites. However, portions of our Lifetouch and\r\nBorrowLenses business, Groovebook, manufacturing and some corporate systems have been experiencing\r\ninterruptions. We engaged third-party cybersecurity experts, informed law enforcement, and have been working\r\naround the clock to address the incident.\"\r\n\"As part of our ongoing investigation, we are also assessing the full scope of any data that may have been\r\naffected. We do not store credit card, financial account information or the Social Security numbers of our\r\nShutterfly.com, Snapfish, Lifetouch, TinyPrints, BorrowLenses, or Spoonflower customers, and so none of that\r\ninformation was impacted in this incident. However, understanding the nature of the data that may have been\r\naffected is a key priority and that investigation is ongoing. We will continue to provide updates as appropriate.\" -\r\nShutterfly.\r\nWhile Shutterfly states that no financial information was disclosed, BleepingComputer was told that one of the screenshots\r\ncontains the last four digits of credit cards, so it is unclear if there is further, and more concerning, information stolen during\r\nthe attack.\r\nWhen BleepingComputer reached out to Shutterfly about the screenshot they referred us back to the original statement.\r\nThe Conti ransomware gang\r\nConti is a ransomware operation believed to be operated by a Russian hacking group known for other notorious malware\r\ninfections, such as Ryuk, TrickBot, and BazarLoader.\r\nThis operation runs as a Ransomware-as-a-Service, where the core team develops the ransomware, maintains payment and\r\ndata leak sites, and negotiates with victims. They then recruit \"affiliates\" who breach the corporate network, steal data, and\r\nencrypt devices.\r\nAs part of this arrangement, ransom payments are split between the core group and the affiliate, with the affiliate usually\r\nreceiving 70-80% of the total amount.\r\nConti commonly breaches a network after a corporate device becomes infected with the BazarLoader or TrickBot malware\r\ninfections, which provide remote access to the hacking group.\r\nOnce they gain access to an internal system, they spread through the network, harvest data, and deploy the ransomware.\r\nConti is known for attacks on other high-profile organizations in the past, including Ireland's Health Service\r\nExecutive (HSE) and Department of Health (DoH), the City of Tulsa, Broward County Public Schools, and Advantech.\r\nDue to the increased activity by the cybercrime gang, the US government recently issued an advisory on Conti ransomware\r\nattacks.\r\nUpdate 12/27/21: Updated with response about financial information in stolen data.\r\nhttps://www.bleepingcomputer.com/news/security/shutterfly-services-disrupted-by-conti-ransomware-attack/\r\nPage 4 of 5\n\nAutomated Pentesting Covers Only 1 of 6 Surfaces.\r\nAutomated pentesting proves the path exists. BAS proves whether your controls stop it. Most teams run one without the\r\nother.\r\nThis whitepaper maps six validation surfaces, shows where coverage ends, and provides practitioners with three diagnostic\r\nquestions for any tool evaluation.\r\nSource: https://www.bleepingcomputer.com/news/security/shutterfly-services-disrupted-by-conti-ransomware-attack/\r\nhttps://www.bleepingcomputer.com/news/security/shutterfly-services-disrupted-by-conti-ransomware-attack/\r\nPage 5 of 5",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://www.bleepingcomputer.com/news/security/shutterfly-services-disrupted-by-conti-ransomware-attack/"
	],
	"report_names": [
		"shutterfly-services-disrupted-by-conti-ransomware-attack"
	],
	"threat_actors": [
		{
			"id": "dcba8e2b-93e0-4d6e-a15f-5c44faebc3b1",
			"created_at": "2022-10-25T16:07:23.816991Z",
			"updated_at": "2026-04-10T02:00:04.758143Z",
			"deleted_at": null,
			"main_name": "Lurk",
			"aliases": [],
			"source_name": "ETDA:Lurk",
			"tools": [],
			"source_id": "ETDA",
			"reports": null
		}
	],
	"ts_created_at": 1775434732,
	"ts_updated_at": 1775792010,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/c908cbcd30555ffd6219dcaec7e84fea8656e423.pdf",
		"text": "https://archive.orkl.eu/c908cbcd30555ffd6219dcaec7e84fea8656e423.txt",
		"img": "https://archive.orkl.eu/c908cbcd30555ffd6219dcaec7e84fea8656e423.jpg"
	}
}