View all newsletters
Receive our newsletter - data, insights and analysis delivered to you

Shipping Tech Firm Pitney Bowes Hit by ANOTHER Ransomware Attack

Maze group claims another major scalp

By CBR Staff Writer

Pitney Bowes, a $3 billion by revenue ecommerce and shipping technology provider, has been hit by ransomware for the second time in six months.

The NYSE-listed company confirmed the attack, saying “recently, we detected a security incident related to Maze ransomware.

“We are investigating the scope of the attack, specifically the type of data that had been accessed, which appears to be limited.”

Pitney Bowes is the second high profile victim of the Maze ransomware group in three weeks, with major IT consultancy Cognizant also targeted and breached in late April, knocking out some services.

Cognizant’s CEO admitted in a May 7 earnings call that the attack may end up costing it up to $70 million after customers suspended services in the wake of the incident, but said that the attackers were not able, in this incident, to steal sensitive corporate data (a Maze hallmark).

See also: IT Services Giant Cognizant Hacked: “Maze” Ransomware Hits Systems

The attack comes as law enforcement officers told Computer Business Review that cyber criminals were becoming more sophisticated in the timing of when they trigger ransomware, which is increasingly left dormant on systems for months before being activated by attackers.

As one officer told us in a recent conversation: “They are waiting until the board are distracted or otherwise occupied by something like an IPO, a merger, or a big project and then striking; the board hear something about some pesky IT problem and just want to make it go away.”

Content from our partners
Scan and deliver
GenAI cybersecurity: "A super-human analyst, with a brain the size of a planet."
Cloud, AI, and cyber security – highlights from DTX Manchester

Pitney Bowes has seen net losses spiral in the wake of the COVID-19 outbreak freezing demand for its services as global trade contracted.

The impact and initial vector of the Maze ransomware attack were not disclosed. The Maze ransomware group typically uses a range of exploits kits, remote desktop connections with weak passwords or sophisticated phishing campaigns to gain access. The ransomware itself is sophisticated, with a bag of tricks baked into its code to avoid detection by security programmes.

Pitney Bowes was hit in October 2019 by a Ryuk ransomware attack that knocked out customer portals and disrupted operations.

The company described it at the time as a “malware attack that encrypted information on some systems and disrupted customer access to our services.”

That incident did not affect its software and data products “because they do not access the backend systems of the Pitney Bowes network.”

See also: Finastra, World’s Third Largest Fintech, Hit by Ransomware

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.