Billtrust still recovering from ransomware attack

Online B2B bill payments provider Billtrust is still reeling
from a ransomware attack – unconfirmed reports pin the blame on BitPaymer –
that began last week, but is slowly bringing its systems back online.

Although Billtrust initially didn’t release details in the aftermath of the attack, one of its customers, Wittichen Supply, told its customers Friday that the payment service had “communicated to us that our/your data has not been compromised and they are working around the clock to restore service levels,” with plans “to restore services on a measured schedule.”

The incident “shows that cyberattacks, including ransomware,
extend beyond the perimeter of the single company and affect organizations,”
said Elad Shapira, head of research at Panorays. “In this case, the ransomware
attack on Billtrust basically caused a denial-of-service attack on at least one
of their customers.”

Calling Billtrust “a nexus between
many other businesses” that would make the chain-risk to third parties “significant
and would be hard to mitigate,” Lucy Security CEO Colin Bastable said the
company was an ideal target for ransomware: financial, small employee-base at
around 500 people, cloud and a key intermediary in multiple transactions
between many businesses.” Ransomware attacks on companies of that ilk “can
cover a lot of ground fast, starting with just one malware-bearing email.
Attacks don’t occur in isolation.”

Wittichen posted updates from Billtrust assuring that it regularly
backed up data so it could rebound from such an event and “strongly” encrypted sensitive
data at rest. Billtrust said it was “deploying additional software to help with
mitigation and prevention.” By Monday, the B2B payment firm said its Online BillPay Portal was up and running
so organizations could “view invoices and account payments through 10/16/2019
and make payments online,” according to a notice Wittichen posted.   

Stuart Reed, vice president of Nominet urged companies to try to identify malware and phishing attacks “on the network early” to mitigating their risk. “This needs to be combined with basic cyber hygiene, such as not opening attachments or clicking links unless you know they are legitimate, keeping up to date with system patches and current versions of malware protection,” Reed said.