TNT Express slowed by infection
TNT – one of Australia’s largest courier companies – has ground to a halt after being infected by the Petya ransomware.
TNT Express, which is owned by global delivery giant FedEx, delivers millions of consignments across Europe, the Middle East and Africa, Asia-Pacific and the Americas every day. But all this has stopped due to the Petya infection.
The company says it is “implementing remediation steps as quickly as possible to support customers…”, and that its shippers are experiencing “limited interruption in pick-up and delivery operations”.
TNT Express’s online systems were down over the weekend, but the company says “no data breach is known to have occurred.”
The Petya/NotPetya malware has now spread to dozens of countries and companies around the world. Security researchers say the attack is intended to destroy infected computers, rather than make money.
“If this well engineered and highly crafted worm was meant to generate revenue, this payment pipeline was possibly the worst of all options,” writes security expert the Grugq.
“This is definitely not designed to make money. This is designed to spread fast and cause damage, with a plausibly deniable cover of ‘ransomware’.”
Kaspersky researchers say the malware's unique installation ID, which could normally generate a recovery key for each infection (to be handed over after a ransom is received), is just random data.
“That means that the attacker cannot extract any decryption information from such a randomly generated string displayed on the victim, and as a result, the victims will not be able to decrypt any of the encrypted disks using the installation ID,” Kaspersky researchers wrote.
Petya ransomware can encrypt the files of machines running unpatched versions of Windows. In this case the affected machines are believed to be Windows XP computers, and possibly even the connected barcode scanners, which experts say often run old embedded versions of Windows and are never updated.
The TNT Express infection is expected to cause more disruption, but attract less media attention, than the earlier news that chocolate-maker Cadbury’s computers had also been compromised.