Pitney Bowes, the US-based global shipping and eCommerce giant, informed customers on Monday that select services are unavailable due to a piece of ransomware that infected its systems.
According to the announcement, the ransomware encrypted files on some of its systems, rendering them inaccessible to users.
The company blames the disruption on a "malware attack that encrypted information on some systems", which matches how ransomware attacks normally operate.
The incident has impacted the company's mailing system products, Your Account services, the supplies webstore, Software and Data Marketplace downloads, Presorts, and other commerce services.
Security experts believe the attackers used a phishing email or exploited unpatched software to gain access to the company's systems, as phishing and unpatched software have been responsible for the significant majority of attacks over the past several decades.
The company has over 1 million business clients and services over 90 percent of Fortune 500 companies, so the downtime as a result of this attack is sure to cost the company millions of dollars in lost revenue.
Pitney Bowes has declined to elaborate on the attack or to say whether the hackers behind it are demanding a ransom payment, but the firm has assured customers that there is no evidence at this time that hackers gained access to any customer or employee data.
A recent study by Trend Micro found that in the first half of 2019, attackers were more strategic when selecting ransomware targets, focusing on larger enterprises and government organizations for a higher payout.
Just this year, Norsk Hydro was hit by a ransomware attack that left the company with over $5 million in losses. Most recently, the Danish hearing aid manufacturer Demant revealed that a suspected ransomware attack on its systems in September could potentially cost the company over $95 million in total losses.
To defend against these kinds of attacks, NNT suggests requesting our custom ransomware mitigation kit, which details all the necessary automated vulnerability checks and group policy templates to automatically fix any weaknesses in your systems before an attacker can exploit them.