TNT Express Subsidiary is Still Restoring Crypto-Locked Systems
Package-delivery giant FedEx is warning that the global outbreak of NotPetya malware will “materially impact” its profits.
FedEx, headquartered in Memphis, Tennessee, says that its TNT Express international courier delivery service subsidiary continues to experience “widespread service delays,” tied, in part, to employees having to use manual processes in the wake of the June 27 malware outbreak.
TNT Express, which has operations in 61 countries and delivers to over 200 countries, was acquired by FedEx in May 2016 for $4.8 billion.
“Our 2018 results will be negatively affected by our TNT Express integration and restructuring activities, as well as the impact of the TNT Express cyberattack,” FedEx warned Monday in a form 10-K annual report filing with the U.S. Securities and Exchange Commission.
The outbreak of NotPetya – aka SortaPetya, Petna, ExPetr, GoldenEye, Nyetya, Diskcoder.C – followed just six weeks after the outbreak of WannaCry malware. Both targeted flaws in Microsoft Windows that the software giant has since patched (see Ransomware Smackdown: NotPetya Not as Bad as WannaCry).
Security firms said Ukrainian tax software was the initial infection vector for NotPetya, but they note that the malware quickly spread to subsidiaries and business partners, in part, via VPN connections between organizations.
More than 12,000 organizations across at least 65 countries were affected by the NotPetya outbreak, security experts say. Beyond TNT Express, other high-profile victims included Danish shipping giant Maersk, multinational law firm DLA Piper, British advertising firm WPP, Russian oil producer Rosneft, hospitals in the Heritage Valley Health System in Pennsylvania and U.S.-based pharmaceutical giant Merck.
FedEx first warned on June 28 that TNT Express had been affected by NotPetya.
Like many other companies and institutions around the world, we have experienced interference with some of our systems within the TNT network
— TNT UK (@TNTUKOfficial) June 28, 2017
“Immediately following the attack, contingency plans were implemented to recover TNT Express operations and communications systems,” according to FedEx’s SEC filing.
But by Monday, “all TNT Express depots, hubs and facilities are operational and most TNT services are available,” it says. “Nevertheless, customers are still experiencing widespread service delays, including invoicing, and manual processes are being used to facilitate a significant portion of TNT Express operations and customer service functions. We cannot estimate when TNT Express services will be fully restored.”
NotPetya Crypto-Locked TNT Systems
Debate continues to rage over whether NotPetya was inexpertly coded – it’s impossible for victims to get a working decryption key, even if they decided to pay the ransom – or whether attackers disguised the malware to look like ransomware (see Latest Ransomware Wave Never Intended to Make Money).
And the disruptions at TNT Express are due, in part, to IT personnel still attempting to restore numerous systems that were crypto-locked and left unusable by the malware.
“Currently, we are focused on restoring remaining operational systems as well as finance, back-office and secondary business systems,” FedEx says. As a result, it’s warning that beyond the cost of the cleanup and recovery operations, “the cyberattack may materially impact our disclosure controls and procedures and internal control over financial reporting in future periods.”
Customers have been tracking delays. On Twitter, for example, user @pieceofone reported July 10 that a package being shipped from China to Portugal on June 24 had been marked as being “in transit” for more than 17 days.
The Twitter user couldn’t be immediately reached for comment. But the TNT website tracking feature reported that the package was eventually delivered, on July 12.
FedEx isn’t the only firm to report that it’s faced long-term delays and disruptions due to NotPetya cleanup. Many organizations and government agencies in Ukraine, for example, were hit hard, although the government has yet to release a precise count of victims or related cleanup costs.
Maersk has also struggled to get all of its systems back online, but it has continued to issue detailed updates to customers on a near-daily basis. Following the outbreak, some ports operated by the shipping giant, for example, were unable to take in new shipments for a week.
We would like to get this week underway with a brief update on some of the activities that matter to your business: https://t.co/XhQ2NNtcGt pic.twitter.com/WXYp209z2v
— Maersk Line (@MaerskLine) July 18, 2017
But by Tuesday, the company reported that most systems had been restored and that it also expected its Android app to once again be able to support a container-tracking feature. “We anticipate the iOS version to be up and running by end of this week,” it said. “Thank you for your patience, trust and support.”