Global shipping and mailing service Pitney Bowes has fallen foul of a ransomware attack that has encrypted data on its computer systems and disrupted customer access to its online services.
In a statement published on its website, Pitney Bowes advised customers that it did not believe that client data had been compromised and that users’ postage meters were not at risk of infection.
However, warned Pitney Bowes, the ransomware attack against the firm had left customers unable to top-up the credit on their stamping devices, and SendPro products, postage refill, and access to the online account area had all been impacted.
The company has not named the ransomware which infected its systems, or detailed how large a ransom criminals have demanded (or indeed whether the company is prepared to pay a ransom to its extortionists).
“Our technical team is working to restore the affected systems, and it is working closely with third-party consultants to address this matter,” said Pitney Bowes. “We are considering all options to expedite this process and we appreciate our customers’ patience as we work toward a resolution.”
As of Tuesday evening, Pitney Bowes was claiming via its Twitter account that it was “making progress” at recovering systems impacted by the malware infection, although they (perhaps wisely) did not offer a timescale by which it expected to be restored full operations.
It’s always worth remembering that recovering encrypted data is only part of the challenge for companies hit by a ransomware attack.
It’s also extremely important to understand how the malware infection occurred in the first place, and how it managed to bypass security measures and encrypt corporate data. If steps are not taken to plug security holes that a ransomware attack may have exploited there is always the danger that a reinfection might occur.
Earlier this month, the FBI unambiguously advised businesses that it does not recommend paying ransom demands to online criminals – in part because it encourages more ransomware attacks.
Prevention, of course, is always better than cure. Firms should invest in a layered defence to protect their infrastructure, educate staff about the risks, and ensure that a comprehensive reliable backup system is in place so – if the worst does happen – recovery can be expedited.