September 20, 2017 by

NotPetya Cyberattack Costs FedEx’s TNT Arm $300 Million in Damages

Delivery and logistics giant FedEx has revealed the cost of damages incurred by its TNT division due to the NotPetya ransomware outbreak in June – a staggering $300 million.

It is a cyberattack that continues to plague operations at big companies to this day. The NotPetya ransomware outbreak in June has impacted TNT to such an extent that the logistics giant is yet to fully restore its IT operations, although it is expected to do so toward the end of the month. Meanwhile, deliveries and sales continue to suffer.

FedEx’s chief information officer Rob Carter has confirmed in a conference call with bank analysts that the company believes it was exposed to the cyberattack from a malware that spread via an infected tax software update used in its Ukrainian offices.

“This was not an ordinary cyber-attack,” Carter stated. “This attack was the result of a nation state targeting Ukraine and companies that do business there. At the time of the attack, there was already work under way to replace TNT legacy systems with FedEx technology. In the wake of the attack, these efforts have been accelerated.”

In citing a source, the BBC revealed that TNT had pushed depots “to their limit” with tens of thousands of unprocessed packages at the end of each working day, compared to the staple “handful” left behind.

By its own admission, FedEx described the following in its first quarter earnings report:

Operating results declined due to an estimated $300 million impact from the cyberattack, which was partially offset by the benefits from revenue growth, lower incentive compensation accruals and ongoing cost management initiatives.

TNT is the Netherlands-based unit of FedEx, acquired by the US logistics giant for $4.8 billion last year. FedEx’s acquisition was a strategic move by the parcel delivery behemoth to gain an entry in Europe.

Image credit: Wikimedia.

About the author

Image of Author

LIFARS is the global leader in Digital Forensics and Cyber Resiliency Services. Our experience spans two decades working on high profile events, often in concert with Law Enforcement Agencies around the world. Our proprietary methodology derives directly and indirectly from our experience working with and for U.S. Intelligence Agencies, Interpol, Europol, and NATO. We are solely dedicated to Cyber Resiliency and thus pay close attention to all aspects of our clients’ engagements experience while providing a strategic and integrated array of services to minimum risk and disruption while protecting your brand.