Security Experts:

Connect with us

Hi, what are you looking for?



FedEx May Have Permanently Lost Data Encrypted by NotPetya

FedEx-owned international delivery services company TNT Express is still working on restoring systems hit last month by the destructive NotPetya malware attack, but some business data may never be recovered, FedEx said in a Securities and Exchange Commission (SEC) filing this week.

FedEx-owned international delivery services company TNT Express is still working on restoring systems hit last month by the destructive NotPetya malware attack, but some business data may never be recovered, FedEx said in a Securities and Exchange Commission (SEC) filing this week.

NotPetya (also known as Nyetya, PetrWrap, exPetr, GoldenEye, and Diskcoder.C) infected tens of thousands of systems, including ones belonging to major organizations, in more than 65 countries. Many of the victims were located in Ukraine, which is not surprising considering that the main attack vector was the update system of M.E. Doc, an accounting tool developed by Kiev-based tax software firm Intellect Service.

The infosec community initially believed NotPetya was a piece of ransomware, similar to WannaCry. However, closer analysis revealed that it was actually a wiper and it was unlikely that victims could recover their files, even if they paid the ransom.

TNT Express, whose Ukraine office uses the compromised tax software, was hit hard by the attack, which led to FedEx temporarily suspending trading of its shares on the New York Stock Exchange. It’s worth noting that FedEx was also impacted by the WannaCry attack.

In its annual report with the SEC on Form 10-K for fiscal year 2017, FedEx said the attack did not affect any other of its companies. While there is no evidence that any data was stolen by malicious actors from TNT systems, the attack had a significant impact on the company’s operations and communications.

A majority of TNT services are available by now, but FedEx informed customers of possible delays in service and invoicing due to the use of manual processes. The company is working on restoring critical systems, including operational, finance, back-office and secondary business systems, but it’s unclear how long the process will take.

Furthermore, FedEx believes it’s “reasonably possible” that TNT will not be able to fully restore all affected systems and recover all the critical business data encrypted by NotPetya.

“Given the recent timing and magnitude of the attack, in addition to our initial focus on restoring TNT operations and customer service functions, we are still evaluating the financial impact of the attack, but it is likely that it will be material,” FedEx said in a press statement. “We do not have cyber or other insurance in place that covers this attack. Although we cannot currently quantify the amounts, we have experienced loss of revenue due to decreased volumes at TNT and incremental costs associated with the implementation of contingency plans and the remediation of affected systems.”

FedEx is not the only shipping company hit by NotPetya. Danish shipping giant A.P. Moller-Maersk also had its systems infected, which prevented it from accepting new orders. Maersk-owned APM Terminals, a global port and cargo inland services provider, was also affected, causing problems at major ports in the United States and Europe.

According to Reuters, Maersk admitted that its antivirus software was not effective against the NotPetya malware, and the company now claims to have implemented additional security measures to prevent future incidents.

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.


Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.


Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.

Management & Strategy

SecurityWeek examines how a layoff-induced influx of experienced professionals into the job seeker market is affecting or might affect, the skills gap and recruitment...


The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.


WASHINGTON - Cyberattacks are the most serious threat facing the United States, even more so than terrorism, according to American defense experts. Almost half...

Data Breaches

LastPass DevOp engineer's home computer hacked and implanted with keylogging malware as part of a sustained cyberattack that exfiltrated corporate data from the cloud...