Company with 12,000 employees and a CISSP- and CEH-certified team confirms second ransomware attack in 6 months

Pitney Bowes, a major parcel delivery and logistics company, has revealed a new ransomware incident, the second encryption malware attack to affect the company in less than seven months. The new attack came to light after Maze, a group of dangerous cybercriminals, claimed responsibility for the incident, cloud security course experts mentioned.

Threat actors also released 11 screenshots as evidence of improper access to the company’s networks. Subsequently, a representative of Pitney Bowes acknowledged the intrusion: “We detected a security incident related to the Maze ransomware; we are investigating the extent of the infection, which appears to be limited.”

The company mentions that it is already working with external security consultants to take action and begin the incident recovery process: “At this time, there is no evidence of greater unauthorized access to our IT systems,” Pitney Bowes’ representative said, adding that “the investigation is still ongoing.”

The previous ransomware attack occurred in October 2019, when the company’s critical systems were encrypted by a hacker group using the Ryuk ransomware. Because of that incident, the company had to stop its shipping tracking systems for a short time.

According to cloud security course specialists, Ryuk and Maze are examples of what is known as “human-operated ransomware.” In this type of infection, attackers first compromise a company’s network and then take manual control of the malware to expand their access to as many internal systems as possible, before running the actual ransomware to encrypt data and demand a ransom.

However, unlike Ryuk, Maze ransomware operators also run a website where they publish information about their latest victims, including confidential documents from the companies attacked, as a way to put pressure on them. Although other cybercriminal groups use similar methods, cloud security course experts point out that Maze was the first hacker group to do this.

The International Institute of Cyber Security (IICS) notes that Maze operators have been linked to multiple high-profile incidents, such as those at Chubb, Cognizant and the Pensacola government, among others. These attacks grow in number and effectiveness year after year, and they represent million-dollar losses for the affected companies. In addition, the development capacity of threat actors makes them increasingly dangerous, so companies could start considering new methods of protection.