The malware compromised systems worldwide, most of them in Ukraine, the list of victims is long and includes the US pharmaceutical company Merck, the shipping giant Maersk, the Ukraine’s central bank, Russian oil giant Rosneft, advertising group WPP, TNT Express and the law firm DLA Piper.
According to the second quarter earnings report published by Maersk, there were expecting losses between $200 million and $300 million due to “significant business interruption” because the company was forced to temporarily halt critical systems infected with the ransomware.
The situation announced by FedEx is also disconcerting, its systems will only be fully restored only at the end of September, three months after the incident.
“The worldwide operations of TNT Express were significantly affected during the first quarter by the June 27 NotPetya cyberattack. Most TNT Express services resumed during the quarter and substantially all TNT Express critical operational systems have been restored. However, TNT Express volume, revenue and profit still remain below previous levels,” the company said on Tuesday.
“Operating results declined due to an estimated $300 million impact from the cyberattack, which was partially offset by the benefits from revenue growth, lower incentive compensation accruals and ongoing cost management initiatives,”
During a conference call with financial analysts on Tuesday, FedEx chief information officer Rob Carter confirmed that the attack vector was an infected tax software update delivered to its system in Ukraine, clearly, it is referring the MeDoc accounting application.
Carter confirmed that the malware used in the attack was extremely disruptive, but also confirmed that customer data were not exposed.
“This attack was the result of [a] nation state targeting Ukraine and companies that do business there,” he explained.
TNT adopting further measured to protect its infrastructure, especially legacy systems in hubs and depots worldwide.
Other companies are counting the huge cost of attack, the consumer goods firm Reckitt Benckiser announced the attack cost it £100m ($136m), but the highest cost was announced by Saint Gobain, which expected $400 million losses.
(Security Affairs – FedEx, NotPetya)