Pitney Bowes Hit by Ransomware for Second Time

Written by

A major mailing technology firm has been hit by ransomware for the second time in just seven months, after the notorious Maze gang struck.

The group is known for stealing sensitive files from targeted organizations before encrypting systems, in order to force a ransom payment.

This is what it appears to have done with US firm Pitney Bowes, although it claimed that the encryption part was unsuccessful.

“Recently, we detected a security incident related to Maze ransomware. We are investigating the scope of the attack, specifically the type of data that had been accessed, which appears to be limited,” noted a statement from the firm.

“Working with our third-party security consultants, we immediately took critical steps to thwart the attack before data could be encrypted. At this point, there is no evidence of further unauthorized access to our IT systems. The investigation remains ongoing.”

However, screenshots posted by Maze seem to indicate that information on employees, and sensitive financial and customer data, may be in the hands of the attackers.

The previous attack on Pitney Bowes is believed to have been carried out by the equally prolific Ryuk group.

At the time the firm admitted that it had “encrypted information on some systems and disrupted customer access to our services.” These included SendPro products, postage refill and Your Account access.

According to Microsoft, Maze is one of several groups that have been targeting hospitals during the COVID-19 crisis, with sophisticated attack techniques more akin to APT groups, including credential theft, lateral movement, reconnaissance, persistence and data exfiltration.

In the past it has been known to target virtual desktop endpoints without multi-factor authentication, end-of-life platforms like Windows Server 2003, misconfigured web servers and vulnerabilities in Citrix Application Delivery Controller (ADC) and Pulse Secure VPN systems.

What’s hot on Infosecurity Magazine?