Pitney Bowes Suffers a Data Breach After Another Ransomware Attack

Pitney Bowes Suffers a Data Breach After a Ransomware Attack

On October 14, 2019, mailing equipment manufacturer Pitney Bowes announced that it had become the latest in a long line of victims of the Ryuk ransomware. As TechCrunch noted at the time, Pitney Bowes is a massive company with more than 1.5 million customers, including some Fortune 500 enterprises. Not surprisingly, the attack caused a lot of damage.

How Pitney Bowes dealt with the first ransomware attack

The Ryuk ransomware operators apparently managed to sneak their way deep into Pitney Bowes' systems, and they encrypted some critical parts of the mailing equipment giant's IT infrastructure. The incident was disclosed in an SEC filing, and a special page with regular updates was set up so that customers could know what's going on. Apparently, Pitney Bowes managed to restore the data without paying the ransom, but the process took a lot of time and caused a lot of losses.

One of the few positives things about attacks like these is that after them, targeted companies tend to pay closer attention to security. But has it worked for Pitney Bowes? The operators of the Maze ransomware decided to find out.

The Maze ransomware hits Pitney Bowes

On Monday, Pitney Bowes representatives admitted that the company has suffered its second ransomware attack in seven months. This time, the ransomware is called Maze, the same family that hit Cognizant last month. There is a difference, though.

This time, Pitney Bowes hasn't reported the attack to the SEC, and there is no page updating customers on the progress of the restore effort. That's because this attack appears to be much less successful.

Although it admits that an investigation aided by outside cybersecurity consultants is ongoing, the company appears to be pretty confident that the damage is limited. At this time, all Pitney Bowes services appear to be operational, and this is all thanks to the company's quick reactions. According to the statement, the manufacturer's security team detected the intrusion early on and managed to stop the hackers before they could encrypt any data.

So, it looks like Pitney Bowes has learned its lesson. Evidence published by the Maze ransomware operators, however, suggests that appearances might be deceptive.

The Maze ransomware gang managed to steal some data

The gang behind the Maze ransomware was among the first ones to implement some changes to their operations that gave them much more extortion leverage. In late-2019, they started stealing data from targeted companies in addition to encrypting it. As a result, if a victim is reluctant to pay the ransom, the hackers could threaten to leak sensitive information and potentially cause even more damage. They have even set up a dark web website on which they first announce the names of their victims and later leak the stolen data if the target doesn't comply with the demands.

According to ZDNet, Pitney Bowes has already appeared on Maze's website, and to show that they mean business, the ransomware operators have published personal and official contact details of some of the company's high-ranking officers. According to screenshots they shared, however, they managed to gain access to a lot more than that.

The Maze gang posted the screengrabs in order to prove that they have stolen some pretty sensitive information, and the file names visible on them do suggest that the hackers are in possession of quite a lot of data that belongs to both Pitney Bowes and its customers. The mailing equipment company's actions and negotiations will determine whether it'll be leaked.

May 14, 2020

Leave a Reply