For the second time in a seven-month span, Pitney Bowes has been hit by a ransomware attack, but cyber experts and financial analysts cautioned against rashly judging the company's security practices - or assuming fiscal doom - with some suggesting that lessons learned from the first attack may have limited the damage of the most recent one.
In an online company statement, Pitney Bowes said attackers breached company systems and accessed "a limited set of corporate file shares" that "contained information used by our business teams and functional groups to conduct business-related activities." Presumably the attackers -- news reports state the actor is the Maze ransomware group -- will threaten to post the contents of these files if Pitney Bowes does not pay up.
However, the malicious encryption portion of the attack failed, as the firm was able to take evasive action and salvage its files. Also on the plus side, Pitney Bowes added that its products and services "remained operational and were unaffected" by the May 4 attack, and there is no evidence that the malware spread to any client or partner systems.
Please register to continue.
Already registered? Log in.
Once you register, you'll receive:
The context and insight you need to stay abreast of the most important developments in cybersecurity. CISO and practitioner perspectives; strategy and tactics; solutions and innovation; policy and regulation.
Unlimited access to nearly 20 years of SC Media industry analysis and news-you-can-use.
SC Media’s essential morning briefing for cybersecurity professionals.
One-click access to our extensive program of virtual events, with convenient calendar reminders and ability to earn CISSP credits.