The global shipping and mailing services company, Pitney Bowes, announced on October 14th, 2019 that it was the victim of a ransomware attack that locked some of its systems. This attack led to a partial system outage that impacted customer access to some services. Pitney Bowes is a global technology company that provides mailing, e-commerce, shipping, data, financial services and powers billions of transactions for more than 1.5 million clients globally, including around 90% of Fortune 500 companies, according to their press release. The ransomware impacted the company’s mailing system products and blocked access to the “Your Account” service which runs the clients’ postage meters and SendPro products. The company stated that clients are unable to refill postage or upload transactions on its mailing machine, SendPro Online, from the UK and Canada. The company’s statement listed the following systems that are currently working:
- Mailing machines can print indicia if funds are available.
- SendPro C and P devices can print shipping labels from the device.
- SendPro Online in the U.S., SendPro Enterprise, SendSuite Live, SendSuite Express, SensSuite Tracking, SendSuite Tracking Online and relay Hub are all currently operational.
In the press release, Pitney Bowes stated that it has seen no evidence that customer or employee data has been improperly accessed and that they have assembled their Enterprise Outage Response Team to address the situation; they will continue to work with third-party security experts to resolve these and future issues.
Analyst Notes
As always, the primary recovery tool after a ransomware attack is having complete and secure backups that make it possible to restore critical data. Companies are recommended to provide training to their employees on how to recognize suspicious email messages that can deliver malware, including ransomware attacks. Companies may wish to consider “Cyber Insurance” coverage that can limit the financial impact of an attack. It is also recommended to work with third-party security providers, such as the Binary Defense Security Operations Center (SOC), which have the capability to provide 24-hour monitoring of a company’s systems and defend systems against threats. Binary Defense’s Managed Detection and Response solution, Vision, includes advanced features that detect ransomware in the early stages of encrypting files. Vision stops the ransomware program’s execution and contains the infected computer to stop the spread of ransomware through the enterprise, thereby limiting damage and speeding recovery efforts.