Hackers compromise Billtrust brand

Security analysts were surprised to learn of a ransomware attack at Billtrust, a B2B financial services provider. The company reported the incident on Oct. 17, 2019. Brian Krebs, analyst and principal at Krebs on Security, interviewed Billtrust CEO Steven Pinado that same day and published highlights from their conversation in a blog post titled “Ransomware Hits B2B Payments Firm Billtrust.”

Noting that Billtrust is assessing damages with the help of law enforcement and a third-party security firm, Krebs reported the ransomware attack was initially disclosed by Wittichen Supply, a Billtrust customer. Billtrust leaders are working hard to repair damages to their network, services and reputation as a trusted service provider, he stated.

“Pinado said Billtrust had restored most of its systems, and that it was in the process now of putting additional security measures in place,” Krebs wrote. “He declined to discuss anything related to the ransomware attack, such as whether the company paid a ransom demand in exchange for a key to unlock files scrambled by the malware, although he allowed Billtrust does have cybersecurity insurance for just such occasions.”

Screen, monitor third parties

Billtrust has not shared specifics about the particular malware strain or steps it is taking to restore its online services but is fully cooperating with authorities and keeping customers up to date, Krebs noted. While the company has chosen not to disclose the ransomware’s footprint and DNA, Krebs cited an unnamed security expert who believes the malware is a strain of the BitPaymer ransomware that may have been executed using a command-line tool.

Pinado emphasized that once it became aware of the malware, Billtrust stopped activity within its systems and began to focus on control, remediation and protection. These actions interfered with certain systems, which were no longer available to Billtrust customers. The company will keep customers and suppliers notified as it continues to work on identifying the vulnerabilities that led to the attack and to fully restoring services, he stated.

Elad Shapira, head of research at Panorays, pointed out that the Billtrust hack is the most recent example of how cyberattacks, including ransomware, can extend beyond the perimeter of the single company and affect organizations.

“In this case, the ransomware attack on BillTrust basically caused a denial-of-service attack on at least one of their customers,” he stated. “Companies need to be aware of the risk that their suppliers impose on company operations and data. As such, companies need to develop security policies and ensure that their third parties adhere to them. This can be accomplished through comprehensive screening of third parties during the onboarding process, continuous monitoring throughout the business relationship and finally, a policy of what to do when the third party’s security indicates an issue.”

The Green Sheet Inc. is now a proud affiliate of Bankcard Life, a premier community that provides industry-leading training and resources for payment professionals. Click here for more information.

Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.