Image: TNT Express
FedEx’s delivery subsidiary TNT Express has warned that its systems have been significantly affected by a computer virus.
The company said in a note on its website: “Like many other companies and institutions around the world, we are experiencing interference with some of our systems within the TNT network,” which has lead to speculation that the problems were linked to the Petya ransomware which has been infecting PCs globally.
FedEx briefly halted trading in its shares for almost an hour yesterday as it announced its operations at its European subsidiary TNT Express operations had been “significantly affected” by a computer virus. FedEx warned investors that the disruption could have a material impact on its finances.
The notification came amid the Petya file-encrypting malware outbreak, which hammered Windows systems in the Ukraine, but also caused infections in 63 other countries.
“While TNT Express operations and communications systems have been disrupted, no data breach is known to have occurred,” the firm said.
No other FedEx business was affected by the attack. TNT Express’s domestic and regional network services were “largely operational, but slowed”, it said, with delays in TNT Express’s inter-continental services. FedEx Express services were deployed as alternatives.
A message still on TNT’s website today notes that it had to suspend myTNT online services due to the attack.
“We are implementing remediation steps as quickly as possible to support customers who experience limited interruption in pick-up and delivery operations and tracking systems access.”
The company hasn’t provided further updates.
As more details emerge about the Petya/NotPetya malware, several security researchers have concluded the attack was not intended to make money but rather to destroy infected computers, making this an example of so-called wiper malware, such as Shamoon.
“If this well engineered and highly crafted worm was meant to generate revenue, this payment pipeline was possibly the worst of all options,” wrote operational security expert, the Gruqq.
“This is definitely not designed to make money. This is designed to spread fast and cause damage, with a plausibly deniable cover of ‘ransomware’.”
Researchers at Kaspersky found that the malware’s unique installation ID, which would normally be used by the attacker to generate a recovery key for each infection, was just random data.
“That means that the attacker cannot extract any decryption information from such a randomly generated string displayed on the victim, and as a result, the victims will not be able to decrypt any of the encrypted disks using the installation ID,” Kaspersky researchers wrote.
READ MORE ON CYBERCRIME