FedEx Corp. said it could suffer a “material" financial impact after the bug affected the worldwide operations of its TNT Express delivery unit. Danish shipping giant AP Moller-Maersk A/S shut down systems across its operations to contain the cyberattack and said the impact on its business is “being assessed". The company’s APM Terminals unit closed its Port Elizabeth facility in New Jersey Wednesday and suspended gate operations Thursday.
Other companies were forced to resort to old-school business practices after taking corporate email offline to contain further contamination. Employees at global snack giant Mondelez International Inc. were working via cellphones, text messages and personal email, while law firm DLA Piper closed its systems as a “precautionary measure," meaning clients couldn’t contact its team by email or land-line.
No kill switch
The cyberattack began in Ukraine Tuesday, infecting computer networks and demanding $300 in cryptocurrency to unlock systems. The virus spread throughout Europe before jumping to the US and eventually touching Asia and South America. As of midday Tuesday in North America, Kaspersky Lab analysts said about 2,000 users had been attacked. There was no new update Wednesday. So far, cybersecurity researchers haven’t found a kill switch, which had allowed them to stop the similar WannaCry virus in May.
While many computers have been patched to protect the systems from being vulnerable to malware such as WannaCry, this new infection has additional capabilities that let it spread by other means through internal networks. Anyone who clicks on a malicious email attachment could put their entire organization at risk.
Port operators around the world were among those with the most tangible consequences. While goods were still being moved, the process was severely slowed as terminals were forced to revert to manual or backup operations.
Also read: GoldenEye ransomware attack hit operations at Pipavav Port, JNPT
In Argentina, the world’s largest exporter of soy derivatives, grain traders resorted to backup mechanical processes, without help from computers, to load trucks full of grain at Rosario, a port on the Paraná River that handles 80% of the nation’s grain shipments. Nidera B.V., Cargill Inc., Archer-Daniels-Midland Co. and COFCO Corp. all operate from Rosario.
An APM Terminals facility at the Alabama State Docks in Mobile was reopened Wednesday to service trucks loading and unloading goods, but it wasn’t quite business as usual. “The process is a lot slower than their automated system or their computer system," said Judith Adams, a port representative. “While the trucks are stacked up, they’re moving. They’re keeping gate hours."
“Our portal is down and we are not able to take on new orders until we get it back up," Maersk line chief commercial officer Vincent Clerc said, declining to say when systems would return to normal. “We’re being very cautious to ensure that as we bring the applications back up, the attack is contained and rolled back. It limits the accessibility we have at the moment."
A terminal operated by Maersk at the Jawaharlal Nehru Port Trust, a facility near Mumbai, which is India’s biggest container port, was unable to load or unload shipments because of the attack. With the Gateway Terminal India facility unable to identify which shipment belongs to whom, the port was clearing cargo manually, chairman Anil Diggikar said. Seventy-five Maersk group terminals were hit by the attack, he said.
APM Terminals said a “majority" of its terminals were operational by late afternoon in New York, though some were operating slower than usual and with limited functionality.
Other companies including France’s BNP Paribas SA, UK advertising giant WPP Plc and Hamburg-based Beiersdorf AG, the maker of Nivea and Labello lip balm, were also coping with the fallout.
“With there being no global kill switch for this one, we’ll continue to see the numbers rise in different parts of the world as more vulnerable systems become more exposed," said Beau Woods, deputy director of the Cyber Statecraft Initiative at the Atlantic Council in Washington.
Unlike traditional forms of ransomware, which often provide secure forms of payment in order to release control of networks, the new hack has seemingly concentrated on crippling systems, rather than obtaining a ransom. The email address posted on users’ locked screen, used by victims to receive decryption keys, was easily and swiftly shut down by the email provider.
UK media company WPP’s website was knocked offline, and employees were told to turn off their computers and not use WiFi, according to a person familiar with the matter. Sea Containers, the London building that houses WPP and agencies including Ogilvy & Mather, was shut down Tuesday, another person said, and workers Wednesday were encouraged to work from home and avoid logging into the central network. Bloomberg