Petya Ransomware: FedEx Halts Stock Trading After Operations Hit By Cyberattack
The Petya ransomware attack that began spreading Tuesday has “significantly affected” the operations of FedEx subsidiary TNT Express, causing the company to halt trading of its stock.
While domestic and international shipping services have remained operational for the most part, the companies acknowledged they have experienced some delays. Other FedEx-owned companies so far are unaffected.
A statement issued by FedEx Wednesday said in the wake of the incident, “worldwide operations of its TNT Express subsidiary have been significantly affected due to the infiltration of an information system virus.”
The attack, which is believed to be related to the Petya ransomware attack, has affected the computer systems managing TNT Express operations and communications. The company noted that no data breach is believed to have occurred in the attack, suggesting customer information was not compromised.
“Remediation steps and contingency plans are being implemented as quickly as possible,” FedEx said. TNT Express said on social media it “implemented operational contingencies to continue to operate with some restrictions and delays” and apologized for any inconvenience the attack has caused for its customers.
FedEx said it could not measure the financial impact of the service disruption, but “it could be material.” Following the announcement of the attack, the company temporarily suspended trading of its shares on the New York Stock Exchange.
TNT Express is far from the only company to be compromised by the Petya ransomware attack. International shipping company Maersk, pharmaceutical company Merck, food conglomerate Mondelez International, San Francisco law firm DLA Piper, British advertising firm WPP and Russian oil company Rosneft were among the high-profile victims.
The attack started spreading worldwide after M.E.Doc, a Ukrainian company that develops tax accounting software, had its supply chain of its software MEDoc hit by the malware. The attack then spread through a system updater process that carried malicious code to thousands of machines.
Microsoft reported more than 12,500 machines were hit by Petya in Ukraine alone, and infections have been spotted in 65 countries including Belgium, Brazil, Britain, Germany, Russia and the United States.
The attack has been labeled as Petya because it originally was believed the ransomware being spread was a variant of the malware first discovered in 2016. Some security experts have started referring to the attack as NotPetya because, despite apparent similarities to Petya, the attack used an entirely new type of ransomware.
The Petya attack makes use of the same security vulnerability in Windows machines — a U.S. National Security Agency-discovered exploit that was stolen and leaked by a hacking group known as the Shadow Brokers — that allowed the spread of the WannaCry ransomware attack that hit hundreds of thousands of machines in more than 150 countries last month.
A security patch for the exploit was issued by Microsoft in March — two months before the spread of WannaCry and three months ahead of Petya. However, many computer systems have yet to be patched and are still vulnerable. Data provided to IBT by cybersecurity firm Avast shows there are at least 38 million PCs worldwide that have not yet been patched.