Pitney Bowes the postage-focused company, which has labelled itself as “the craftsmen of commerce” has been a victim of a ransomware attack that encrypted the information in its system and disrupted the customer access to the services.
Pitney Bowes is one of the mailing and shipping tech companies with 1.5 million clients across the world, including the Fortune 500. The company provides mailing services to sellers and is widely used by sellers in marketplaces like Etsy and Shopify.
The company said in a statement that its systems were hit by a “malware attack that encrypted information on its systems and disrupted customer access to our services,”.
The firm’s systems undisclosed strain of malware on 14 October.
“Upon discovery of the cyber attack, we immediately assembled our Enterprise Outage Response Team to address the situation. We continue to work with third-party security experts to resolve the issues,” the company said.
The company has seen no evidence that customer or employee data has been improperly accessed. It is still unknown what kind of ransomware encrypted its systems.
Several Customers complained on Twitter that they were unable to perform basic tasks on their account. Some account and product support pages are unavailable.
Ransomware is a kind of malware in which the attacker infects the computer or network, encrypting files and data of the victims which prevents them from further accessing. In order to obtain the decryption key and gain access to the files and data, the victim is forced to pay a ransom.
“As organisations continue to pay high extortion demands, sometimes reaching hundreds of thousands of dollars, cybercriminals are likely to continue perceiving ransomware as a lucrative opportunity,” Alex Guirakhoo, strategic intelligence analyst at Digital Shadows.
Ransomware against enterprise network is growing rapidly while ransomware campaigns have declined sharply. USA’s Federal Bureau of Investigation (FBI) says that Ransomware should never be paid. By paying ransom rewards it is not sure whether the data will be accessed back. The victims were told to pay a ransom in some previous campaigns like WnnaCry, the Bitcoin were no decryption key was supplied, which means to restore from backups was the only way left to recover.
Best ways to practice against ransomware infections
National Cyber Security Centre (NCSC) has put forward a number of cybersecurity best practices,
- Fit-for-purpose defences and staff training to block phishing attacks
- Enacting vulnerability management policies and patching systems
- Controlling code execution
- Filtering web browsing traffic
- Controlling removal media access
You may be interested in reading: EX – YAHOO EMPLOYEE SNEAKS INTO 6000 ACCOUNTS FOR SEXUAL CONTENT