Yet another company has been hit by a ransomware attack
Posted October 15, 2019 5:18 p.m. EDT
CNN — Hackers have struck again with yet another ransomware attack.
This time the victim was Pitney Bowes, a technology company based out of Stamford, Connecticut that provides ecommerce, shipping, data and mailing services.
The company confirmed the attack on its website and is currently working to restore the affected systems. Its shipping and mailing services appear to have been hit the hardest by the attack, according to information on the company's website.
"It has been confirmed that our systems have been affected by a malware attack that encrypted information on some systems and disrupted client access to our services. Our technical and operational teams are making progress to restore the affected systems. At this time, the company has seen no evidence that customer or employee data has been improperly accessed," the company said in a statement.
Pitney Bowes did not return a phone call from CNN requesting comment.
Ransomware is a form of malware that is used to infect a computer or network, encrypting files and data, which prevents a user from accessing them. The attackers will then demand a ransom in order to obtain the decryption key in order to regain access to the files and data.
Ransomware is a growing concern, and there have been over 140 attacks targeting public state and local governments and health care providers this year alone, according to cybersecurity firm Recorded Future, which tracks the attacks.
However, the amount of private companies that have faced such attacks is unknown, as many private companies choose not to disclose being affected by ransomware.
"It is viewed as a negative when an organization has been compromised," Ron Schlecht, CEO of security firm BTB Security, told CNN. "Most organizations are compelled to report any type of compromise, but management may still see it as an indication of weakness that may negatively affect the organization."
The FBI says ransomware attacks are becoming more targeted, sophisticated and costly. While ransomware campaigns have sharply declined since last year, the losses from these attacks have increased significantly, according to the FBI.
"We are seeing an increase in targeted ransomware attacks against enterprise networks coupled with a decrease in attacks on individual users," a spokesman for the FBI told CNN.
"We believe the majority of incidents are not disclosed to the public and that law enforcement only receives reporting on a fraction of all actual victims."
Pitney Bowes says that it assembled a response team to address the outage. The company is also working with third party security experts to help resolve any issues, according to its website.
"The ransom should never be paid," said Schlecht. "Paying the ransom rewards attackers, and propagates the issue. In addition, you don't truly ever know if the ransom will result in access to data or if the ransomware will be completely eradicated. Attackers could upcharge for more or come back later after they reactivate the ransomware."
Most importantly, it seems as if the damage was somewhat contained. The company's software and data products are not directly affected because they don't access the backend systems of the company's network, and the company said that it has seen no evidence that customer accounts or data have been impacted.
"Customer information segregated from any other systems is a great idea," Schlecht said. "The separation of functions and infrastructure is an admirable tactic in protecting all systems. Limiting security privileges to what is necessary for business is common in security defenses, and is something that is typically assessed when companies are close partners or are in a vendor/customer relationship."