(Photo: Rob Engelaar/AFP/Getty Images)

UPDATE 10/16: Pitney Bowes said today that its postage refill system is "up and running" for US postage meter users, though "increased volume" means they might still run into problems.

"If you receive an error during your first refill, please reboot the system by turning off and on," the company said on its website.

Pitney Bowes also confirmed that this was a ransomware attack—specifically the Ryuk virus, which also hit several Florida cities and Tribune Publishing's software systems last year. "We are making progress to restore other systems impacted by the Ryuk virus and are still experiencing some outages that impact our client facing operations," it said.

As of 7 a.m. ET, Pitney Bowes says these systems ARE working for clients with postage meters and SendPro products:

Mailing machines can print and refill with postage. SendPro C can print postage with funds remaining, we are working on the final stages of connecting this device to the refill system.

SendPro C and P devices can print shipping labels from the device

SendPro Online (U.S, UK and Canada), SendPro Enterprise, SendSuite Tracking Online (SSTO) and Relay Hub are all operational

These systems are currently NOT working:

Hosted instances of SendSuite Live, SendSuite Express, SendSuite Tracking (SST)

Accounting solutions such as Inview, Business Manager and Account List Management

UPDATE 10/15: In an email, USPS told PCMag: "The US Postal Service is aware of an event affecting one of our business partners —Pitney Bowes. We are working closely with their representatives to mitigate any potential customer impacts. Mail continues to be processed and delivered throughout our network."

Original story:

An apparent ransomware attack has hit shipping provider Pitney Bowes, preventing businesses from adding postage to their packages and possibly affecting the US Postal Service from sending your mail as well.

Pitney Bowes is blaming the disruption on a "malware attack that encrypted information on some systems," which matches how ransomware infections generally operate.

"Our technical team is working to restore the affected systems, and it is working closely with third-party consultants to address this matter. We are considering all options to expedite this process," the US-based company said in a statement on Monday.

The company, which has over 1 million business clients, is perhaps best known for its postage meters, which can basically stamp a package for you. According to Pitney Bowes, the company's postage meters continue to function, but the attack is preventing clients from refilling their funds to print out more postage.

As a result, some users have taken to social media to post images of their postage machines suffering from IT errors. Access to the Pitney Bowes' Send Pro Online service in the UK and Canada is also currently down.

@PitneyBowes HELP. I've gotten this all 10 (!!!!) times I've tried 2 run certifieds. I unplug, wait 10-15 sec+start over. Not working.I call PB. "We're currently experiencing a system wide outage+will inform you via email when fixed". U couldn't have THAT warning pop up on meter? pic.twitter.com/C0fAmzyLyJ — KathyAlmonte2.0 (@KathyAlmonte2_0) October 14, 2019

In addition, the same attack has hit the company's "presort" mail cataloging service for USPS. However, the US Postal Service is closed today due to the Columbus Day federal holiday, so it remains unclear whether the disruption will delay mail deliveries countrywide. USPS didn't immediately respond to a request for comment.

Pitney Bowes is declining to elaborate on the attack and if the hackers behind the disruption are demanding a ransom. But there's some good news. "At this time, the company has seen no evidence that customer or employee data has been improperly accessed," the shipping provider said in Monday's statement. The company's "cross border" shipping systems also remain unaffected.

When a ransomware hits a business, it typically strikes by encrypting the data on whole fleets of computers. A ransom note is then posted to the computers, demanding the victim pay up, or see all their data wiped. In some cases, the ransoms can reach over $100,000 and into the millions when a major company is hit.

The FBI and security experts generally advise you to never pay off a ransomware attacker. Doing so incentivizes the hackers to strike again when there's actually no guarantee they will decrypt your computer. Nevertheless, many victims —particularly business and even city government— do end up paying the ransoms, which is fueling the hackers to continue to prey on any vulnerable enterprise computers that they can find.

Further Reading

Security Reviews