Service levels have been restored at BillTrust, and we are seeing invoices flow through their system consistently and in a timely manner. We apologize for the temporary interruption and any confusion or frustration this situation may have caused. We understand and value the importance of receiving invoice copies in a timely manner, and we sincerely appreciate your patience while we worked with BillTrust to restore services. BillTrust has been a valued partner for many years, and we empathize with them as they work diligently to recover from the criminal cyber-attacks perpetrated against them.
As a matter of prudence, we recommend you carefully examine your Wittichen Invoice Statement this month and reconcile the invoices on your statement against the printed Ship Tickets given to you at the time of shipment. It is possible, unlikely, but possible, that an invoice on your statement slipped through the cracks during the service outage and was not mailed to you. Reconciling your Invoice Statement against Ship Tickets should eliminate any confusion. However, if you have any questions regarding an invoice on your statement, our Accounts Receivable Department, at 205-251-8500, will be glad to assist you.
Below is a list of FAQ’s BillTrust released regarding the malware attack.
- What happened?
On October 17, 2019 Billtrust identified a criminal malware attack that affected several of the services that we offer to our customers.
- How did you discover the criminal attack?
We have a variety of internal monitoring tools that alerted our systems and security teams to the criminal attack.
- What kind of malware was it?
We can now disclose that this incident exhibits characteristics of a ransomware attack. Our standard security and back-up procedures have been and remain instrumental in our ability to execute the ongoing restoration of services. Out of an abundance of caution, we cannot disclose the precise ransomware strains but will do so as soon as prudently possible.
- Is federal law enforcement involved?
We are in active discussions with federal law enforcement.
- Have you been using a cybersecurity firm?
We are engaged with a nationally recognized cybersecurity firm who has been helping with remediation, prevention, and forensic analysis. Out of abundance of caution, we are not disclosing the name of the firm.
- What have you done to remediate the problem?
We have done many things to remediate the problem including rebuilding production servers, deploying additional end point detection software, and adding additional monitoring with our cybersecurity firm.
- Was any data compromised?
There is currently no evidence that any sensitive data has been compromised. We use strong encryption for sensitive data in our systems, and we regularly back up data in preparation for events like this.
- Is there a risk that this will affect customer systems?
There is currently no evidence that customer systems have been affected and confirmation of this is a key element of our forensic investigation.
- Has the security incident been fully mitigated?
We are confident that we have mitigated this security risk but also recognize there is always risk, and we continue to maintain vigilance.
- What is the expected time until the services come back online?
Service restoration began on Friday, October 18 and services continue to come back online. We are doing this in a carefully measured fashion. We will continue to communicate the status and availability of our solutions frequently. Many of our solutions are available and others are in various stages of recovery as described in the table.
Thanks again for your business and support!!