Ransomware Hits B2B Payments Firm Billtrust (Oct 22, 2019)
The business-to-business (B2B) payments provider Billtrust was hit with a ransomware attack last week and is still recovering. It has stopped the attack and is dealing with remediation, having restored most of its systems. Billtrust has not declared whether it paid the ransom, but it is still consulting with law enforcement to determine the extent of the breach.
Recommendation: Your company should have policies in place for maintaining server software so that new security updates are applied as soon as possible. Threat actors will often use vulnerabilities for which patches have already been issued, because information about an exploit and proof-of-concept code for it sometimes become available in public sources once a patch has been issued. Actors of all levels of sophistication are known to exploit such vulnerabilities because, as this story shows, many users and administrators do not apply security updates.
Indicators of Compromise (IOCs) associated with this story can be viewed by ThreatStream users here to identify potential malicious activity.