Posted on October 15, 2019 at 8:43 PM
Pitney Bowes Systems taken down by Malware, Suspected to be Ransomware
Pitney Bowes has recently come under a cyberattack, and they are still recovering from it. While it had the potential to be something crippling for the company, Pitney Bowes has assured the public that private information was not stolen.
This announcement was made by Pitney Bowes itself on the 14th of October, with a new update coming out on the 15th. Herein, they describe the malware attack as something that encrypted a large part of their system and making it unusable. This has the hallmarks of a ransomware attack, but Pitney Bowes has mainly kept the attack unspecified.
With their announcement, they assured the public that their technical team is hard on the case to break out of this malware. They went as far as activating its Enterprise Outage Response Team to help their IT Department. Coupled with that, they are working with a mysterious third party consultant to help with the issue.
For the most part, the services affected are mail-focused products. Postage machines can’t be refilled, Sendpro Online in both the UK and Canada are down. The Pitney Bowes Supplies web store and Your Account can’t be accessed as well.
The way Pitney Bowes had prepared for such an event will directly affect how much money this will cost them in the end. A significant factor of this would be the backups they had before this. That coupled with the relative skill of their cybersecurity team.
Rajeev Gupta, co-founder and Chief Product Officer of Cowbell Cyber, had released a statement of the attack. He expressed that the costs in the aftermath of this attack are related to many factors. All these factors could very quickly pile up on Pitney Bowes.
Things like revenue loss, third party forensic experts, lawsuits, and general breach notification have the potential to deal a heavy blow to the company. Gupta stated that cybersecurity insurance could help immediately with this problem. This is especially so if the cyber policy was up to date with the number of records that should be covered.
Gupta stressed the importance of continuous underwriting of cyber policies, which would eliminate any insurability gaps.
One Among Many
While Pitney Bowes didn’t admit it, this attack bears the hallmarks of ransomware. Ransomware is when criminals write a malicious program that encrypts the files on your system, demanding a payment of funds to decrypt it and allow you to access it. Usually, they also threaten to permanently delete it if you decide not to pay for a certain amount of time.
All in all, it’s a very unpleasant piece of software.
Pitney Bowes, however, isn’t the only one suffering from these attacks. Last week, the FBI warned against so-called ‘high impact’ ransomware attacks that will target larger businesses. Here we are with Arizona Beverages, Norsk Hydro, and Eurofins having reported ransomware attacks before this.
FedEx and Maersk have also fallen prey to ransomware. However, that’s probably not connected to the FBI warning they sent out last week, having happened at least months prior.
An Announcement to Victims
As Pitney Bowes is a huge company, a large group of people have been affected by what is essentially a part system shutdown of Pitney Bowes. While all the gears are grinding to a standstill, the company faces losing millions as all the functions that they need stops working. Thus, this article would like to stop any potential fearmongering with facts.
Pitney Bowes has stated, on many occasions, that the personal data of both employees and customers are safe. Usually, that can be jotted off as just a PR move, but considering the nature of the attack, it could be believable.
Ransomware is something that shuts down whatever it can encrypt and keeps it locked down. This forces the victims to pay whatever amount the hacker decided to charge, usually via bitcoin. That being said, there is already a scheme to make money without relying on data theft. This scheme would doubtlessly have been complicated due to Pitney Bowes’s extensive security.
No one should ever trust a company that says they’re not all for profit. However, in this case, fears should be tempered by the simple fact that ransomware already gives criminals money. Criminals want easy targets, and the ones that take risky dives like these tend to go in with just one plan.
As always, be safe. And practice safe online practice, linked here.