Mailing and shipping services company Pitney Bowes is recovering from an apparent ransomware attack that encrypted information on its systems and locked customers out of its SendPro products, postage refill, and Your Account access, but has apparently not resulted in the compromise of any customer or employee data.
The undisclosed strain of malware was detected on the firm’s systems on Monday 14 October, it said, and as of the evening of Tuesday 15 October, it was still working to recover its systems.
“Upon discovery of the cyber attack, we immediately assembled our Enterprise Outage Response Team to address the situation. We continue to work with third party security experts to resolve the issues. In consultation with our security advisors on this issue, we do not believe there are other client risks. We have seen no evidence that customer accounts or data have been impacted,” it said in a statement.
Whether or not Pitney Bowes pays any ransom – it has not explicitly stated that one has been demanded – will be down to its own internal policies and decision-making, although in its statement it said it was “considering all options to expedite this process”.
Most authorities on ransomware hold that to pay up merely emboldens cyber criminals to continue their campaigns, and offers no guarantee that even if a decryption key is supplied on payment, it will work.
In some previous campaigns, including WannaCry, the Bitcoin wallets to which victims were told to pay ransoms were left unmonitored, and no decryption key was ever supplied, meaning that restoring from backups, if they exist, would be the only way to recover.
The UK’s National Crime Agency advises victims not to pay. Similarly, the most recent ransomware guidance from the US Federal Bureau of Investigation (FBI) explicitly advises against paying a ransom, but notes that “when businesses are faced with an inability to function, executives will evaluate all options to protect their shareholders, employees and customers”.
The National Cyber Security Centre (NCSC) guidance on protecting enterprises from ransomware attacks highlights a number of examples of cyber security best practices that have proven effective against malware, and by extension ransomware infections.
These include establishing fit-for-purpose defences and staff training to block phishing attacks; enacting vulnerability management policies and patching systems; controlling code execution; filtering web browsing traffic; and controlling removable media access.
Over the past couple of years, the NCSC has observed a trend for more targeted ransomware attacks, with cyber criminals setting out to understand the value of their victim’s business and tailor their demands to that perceived value.
A recent Positive Technologies cyber threat report held that both government bodies and enterprises proved more likely to pay higher ransom demands when their day-to-day operations had been crippled.
Separate analysis by McAfee has shown that ransomware attacks more than doubled in the first three months of 2019, with the average demand for payment clocking in at around $36,000 (£28,000).