
Digital Guardian's Blog

Material Impact: NotPetya Ransomware Drives Home Existential Cyber Risk for Corporations



FedEx briefly halted trading of its shares on Wednesday after reports that its TNT subsidiary was hit by NotPetya/ExPetr, a destructive wiper malware. Get ready for more.

FedEx briefly halted trading of its shares on Wednesday after reports that its TNT subsidiary was hit by NotPetya, a destructive wiper malware, in what could be the start of a trend as more destructive attacks ramp up.

In a statement released on Wednesday, FedEx said that TNT was "significantly affected due to the infiltration of an information system virus." Though the virus was not named, it is assumed to be NotPetya/ExPetr, a piece of destructive malware that masquerades as ransomware and began spreading rapidly on Tuesday.

FedEx said that "remediation steps and contingency plans" were being implemented and that "TNT Express domestic country and regional network services are largely operational, but slowed." The company also acknowledged that it was experiencing delays in TNT Express' inter-continental services as a result of the infection. FedEx shares resumed trading shortly after the statement was issued and finished the trading day in positive territory.

However, the temporary hold on trading at a company as large as FedEx due to malicious software may be a first and underscores the seriousness of the NotPetya threat. Companies rarely call for a halt in trading and generally do so only when a development is thought to be material to the company.

The malware appeared initially in Ukraine posing as an official update for financial software and has quickly spread globally, in part by harnessing an exploit dubbed EternalBlue that was developed by the U.S. intelligence community. The same vulnerability helped the WannaCry ransomware spread to some 300,000 systems before it was blocked.

But NotPetya is also spreading by other means, including the use of stolen user names and passwords.

SEC regulations require publicly traded companies to disclose cyber events that are material to the company, though no clear definition of "materiality" exists. Malware infections are common at large organizations and are not typically considered material. However, NotPetya's destructive capabilities may change that. Operations at many organizations affected by the virus – from supermarkets to advertising agencies – ground to a halt this week as companies struggled to restore data from computers infected by the virus.

Reports and analysis of NotPetya suggest that its purpose is to destroy systems it infects, not to make money for the attackers. Prior ransomware attacks have been disruptive, if only temporarily. That includes infections targeting San Francisco's MUNI and dozens of National Health Service-affiliated hospitals in the U.K.

But Petya is more similar to destructive attacks like Shamoon, the disk-wiping malware that targeted Saudi Arabia's ARAMCO national oil company. Such attacks may presage a new, more dangerous phase for publicly traded companies, which are already struggling to stay ahead of fast-moving threats.

It's a possibility that has the attention of the Trump Administration. Speaking in Tel Aviv, Israel on Monday, Trump CyberSecurity senior advisor Rob Joyce said destructive attacks like Shamoon were his biggest worry.

Paul Roberts


Paul Roberts

Paul Roberts is the editor in chief of The Security Ledger and founder of the Security of Things Forum. A seasoned reporter, Paul has more than a decade of experience covering the IT security space. His writing has appeared in publications including The Christian Science Monitor, MIT Technology Review and The Economist Intelligence Unit. He's appeared on news outlets including Al Jazeera America, NPR's Marketplace Tech Report and The Oprah Show.