Like a spider in a spout after the rain, new ransomware continues to climb its way into IT systems across the globe at alarming rates. In one of the more recent, high-profile cyberattacks, TNT Express, a wholly-owned FedEx subsidiary, was hit by Petya – ransomware which involved the spread of an IT virus through a Ukrainian tax software product.
While the TNT cyberbreach was first announced by FedEx on June 28, its July 17 10-K filing with the Securities and Exchange Commission offers additional details regarding the attack and its inevitable fallout. Through the 10-K filing, we learned the company’s grasp on the situation is somewhat tenuous:
“While we have significant security processes and initiatives in place, we may be unable to detect or prevent a material breach or disruption in the future,” the filing said. “…We are not yet able to determine the full extent of its impact, including the impact on our results of operations and financial condition, and it is likely that the financial impact will be material.”
In a company statement on July 17, FedEx said its IT teams were focused on the recovery of critical systems and were making progress in restoring systems and service. However, the company acknowledged a loss of revenue and noted it did not have cyber or other insurance in place to cover the attack.
“Additional consequences and risks associated with the cyberattack that could negatively impact our results of operations and financial condition are described in the corresponding risk factor included in the Management’s Discussion and Analysis section of our annual report on Form 10-K for fiscal year 2017, filed earlier today,” FedEx said in a July 17 company statement. “In addition to financial consequences, the cyberattack may materially impact our disclosure controls and procedures and internal control over financial reporting in future periods.”
Researchers identified the virus used in the attack as being linked to the malware called Petrwrap, or Petya, and has been linked to widespread assaults across Russia and Europe. The malware uses an exploit developed by the National Security Agency that was later leaked onto the Internet. The ransomware primarily targets small businesses and intrudes through phishing emails, one of the oldest tricks in the book for bad actors. However, this particular strand of the virus is unique in that it targets the entire hard drive. Commonly, ransomware encrypts certain file types, such as pictures and Office documents.
Further underscoring fallout from the incident, the TNT website currently sports an “important message” pop-up apologizing for “limited interruption in pick-up and delivery operations and tracking systems access” and “currently showing delayed information.”
While FedEx has yet to estimate the financial impact of the intrusion, the company said in the statement it “reaffirms its commitment to improve the operating income at the FedEx Express Group by $1.2 billion to $1.5 billion in fiscal 2020 versus fiscal 2017, assuming moderate economic growth and current accounting and tax rules.”