Billtrust still recovering from ransomware attack

Online B2B bill payments provider Billtrust is still reeling from a ransomware attack – unconfirmed reports pin the blame on BitPaymer – that began last week, but is slowly bringing its systems back online.

Although Billtrust initially didn’t release details in the aftermath of the attack, one of its customers, Wittichen Supply, told its customers Friday that the payment service had “communicated to us that our/your data has not been compromised and they are working around the clock to restore service levels,” with plans “to restore services on a measured schedule.”

The incident “shows that cyberattacks, including ransomware, extend beyond the perimeter of the single company and affect organizations,” said Elad Shapira, head of research at Panorays. “In this case, the ransomware attack on Billtrust basically caused a denial-of-service attack on at least one of their customers.”

Calling Billtrust “a nexus between many other businesses” that would make the chain-risk to third parties “significant and would be hard to mitigate,” Lucy Security CEO Colin Bastable said the company was an ideal target for ransomware: financial, small employee-base at around 500 people, cloud and a key intermediary in multiple transactions between many businesses. Ransomware attacks on companies of that ilk “can cover a lot of ground fast, starting with just one malware-bearing email. Attacks don’t occur in isolation.”

Wittichen posted updates from Billtrust assuring that it regularly backed up data so it could rebound from such an event and “strongly” encrypted sensitive data at rest. Billtrust said it was “deploying additional software to help with mitigation and prevention.” By Monday, the B2B payment firm said its Online BillPay Portal was up and running so organizations could “view invoices and account payments through 10/16/2019 and make payments online,” according to a notice Wittichen posted.   

Stuart Reed, vice president of Nominet, urged companies to try to identify malware and phishing attacks “on the network early” to mitigate their risk. “This needs to be combined with basic cyber hygiene, such as not opening attachments or clicking links unless you know they are legitimate, keeping up to date with system patches and current versions of malware protection,” Reed said.
