B2B Payments Company ‘BillTrust’ Falls Victim to Ransomware Attack

Last updated June 23, 2021
Written by:
Bill Toulas
Cybersecurity Journalist

U.S. business-to-business payments service provider ‘BillTrust’ has fallen victim to a ransomware attack that has been going on since last week (October 17). The revelation came from a client of the firm, not from BillTrust directly. At the time of writing, their payment services remain partially down, although they are reportedly close to resolving the interruption. A cybersecurity firm and federal law enforcement are also involved in the investigation and remediation of the attack’s effects. However, there is still no estimated time for the complete restoration of BillTrust’s services.

BillTrust cites caution to justify why they do not wish to disclose details such as the ransomware strain right now. Similarly, they have not clarified whether they are negotiating with the actors or restoring their systems from offline backups. Bleeping Computer received a tip from unnamed sources claiming that it was the BitPaymer ransomware that hit BillTrust. This is a strain that we recently saw being used in a campaign that exploited Apple software zero-days on Windows installations. The case of BillTrust, however, is a much graver one, as we’re talking about a company that processes about $30 billion in ACH and card payments every year.

KrebsOnSecurity managed to elicit a comment from Steven Pinado, the CEO of Billtrust, who stated the following: “We’re aware of the malware and have been able to stop the activity within our systems. We immediately started focusing on control, remediation and protection. The impact of that was several systems were no longer available to our customers. We’ve been fighting the fight, working on restoring services and also digging into the root cause.”

The systems that have already been wholly restored are Billtrust Credit and Billtrust eCommerce. On the other hand, Virtual Card Capture, Cash Application, Billing & Payments, and VueBill are partially operational. Undoubtedly, this event highlights the importance of investing more in cybersecurity and protection. More details about the incident, including whether BillTrust paid the malicious actors or restored from backup, are not yet known. We really hope that the case is the latter, as paying the actors only furthers the vicious circle. Since the authorities are already involved, we may see fines being imposed on the firm, but the primary damage will come from the loss of customer trust and business disruption.
