FedEx on Petya attack: systems still down, no cyber insurance

US parcel delivery giant FedEx says customers of subsidiary TNT Express are still experiencing delays due to the Petya ransomware attack and that it didn't have cyber insurance to cover the incident. 

The company released further details about the impact of the attack in its SEC 10-K filing today, revealing the attack affected operational, financial, back-office and secondary business systems. FedEx still does not know when some of the systems downed by the Petya ransomware can be revived.

On June 28, a day after the Petya ransomware began spreading in Ukraine, FedEx halted trading due to an unspecified cyber attack that crippled the operations of TNT Express, its Netherlands-based subsidiary. The attack forced it to move some TNT services across to FedEx. 

FedEx hasn’t calculated the exact damage to its balance sheet, but repeated its initial warning that it would likely materially affect its financial performance. FedEx has annual revenues of $60bn. 

The company confirmed revenues were impacted due to decreased volumes at TNT, while it faced additional costs from implementing contingency plans and fixing affected systems.

“We cannot estimate when TNT services will be fully restored. Contingency plans that make use of both FedEx Express and TNT networks remain in place to minimize the impacts to customers,” FedEx said.

TNT Express was also still dependent on manual processes for a “significant portion” of 

operations and customer service functions, it said. There loss of automation had caused “widespread service and invoicing delays”.    

Despite the delays, FedEx said that all TNT depots, hubs, and facilities are operational. 

FedEx also confirmed that the TNT Petya infections occurred through the Ukraine tax software M.E.Docs. The accounting software is one of two packages required for organizations doing business in the Ukraine and was used by TNT’s Ukraine office. 

“TNT Express operates in Ukraine and uses the software that was compromised, which allowed the virus to infiltrate TNT Express systems and encrypt its data,” it said in its SEC report.  

“While TNT Express operations and communications were significantly affected, no data breach or data loss to third parties is known to have occurred as of the date of this filing.”

Mondelez, the maker of Oreo cookies and Cadbury chocolates earlier this month said the attack could result in a 3 percentage-point drop in its second quarter growth rate. The Tasmania Cadbury chocolate factory stalled due to Perya infections. 

Lloyds of London, an insurance provider to insurance firms, today issued a report estimating the economic impacts of cyber attacks could be as much as US$53bn for an “extreme event” affecting a large cloud provider, and could result in $121bn losses, depending on the length and extent of the attack. 

Losses due to a mass software vulnerability could reach $29bn in an extreme event, it said. The report was aimed at insurance providers that do or could offer cyber-related coverage.