Mailing and ecommerce services company Pitney Bowes has confirmed some of its systems have been affected by a ransomware outbreak but says that there is no evidence customer data has been compromised.
“Pitney Bowes was affected by a malware attack that encrypted information on some systems and disrupted customer access to some of our services,” a statement issued by the company said. “At this time, the company has seen no evidence that customer or employee data has been improperly accessed.”
The statement said the company’s tech team is working to restore the affected systems. The company is “considering all options to expedite this process and we appreciate our customers’ patience as we work toward a resolution”.
“Upon discovery of the cyberattack, we immediately assembled our Enterprise Outage Response Team to address the situation,” an explanatory web page for customers states. “We continue to work with third party security experts to resolve the issues.”
Customers are unable to load additional funds onto their postage meters but can otherwise continue to use them.
“In consultation with our security advisors on this issue, we do not believe there are other client risks,” a Pitney Bowes FAQ said.
“The meters themselves run operating systems that are not affected. The meters will continue to operate as normal with the funds they have in them, and we will resume normal refill services as soon as possible.”
Some of the company’s SendPro services are operational, but SendPro Online in the UK and Canada are not useable. Customers will be unable to access their online account and the Pitney Bowes Supplies web store, the company said.
Some features of Mail360 and MIPro Licensing products were also affected.
Read more: NAB pushes cyber security for SMB customers
“All cross border solutions, as well as all shipping technology, label generation and tracking solutions were not impacted,” the company said
“Fulfillment, Delivery and Returns clients were impacted and Pitney Bowes is working directly with affected clients to mitigate business disruption.”
Security firm Symantec warned earlier this year that although in 2018 it saw an overall decrease in ransomware infections, there had been significant growth in attacks targeting businesses.
Enterprises had accounted for 81 per cent of all ransomware infections last year, according to Symantec.
Malwarebytes’ August 2019 quarterly cybercrime report said over that although consumer ransomware detections had decreased by 12 per cent year on year it had witnessed “an almost constant increase in business detections of ransomware, rising a shocking 365 percent from Q2 2018 to Q2 2019.”
“The reason behind this shift: Cybercriminals are searching for higher returns on their investment, and they can reap serious benefits from ransoming organizations over individuals, who might yield, at best, a few personal files that could be used for extortion or identity theft,” the report said.
“Encrypting sensitive proprietary data on any number of endpoints allows cybercriminals to put forth much larger ransom demands while gaining an exponentially higher chance of getting paid.”
Pitney Bowes in August announced it would sell its software solutions unit for US$700 million.