FedEx hit as NSA-linked ransomware spreads around the world
American shipping giant FedEx has been hit in a ransomware attack spreading quickly around the globe and linked to hacked or leaked data from the U.S. National Security Agency.
FedEx confirmed early Friday afternoon that it was a victim of the attack, but disclosed few details.
“Like many other companies, FedEx is experiencing interference with some of our Windows-based systems caused by malware,” the firm said in a statement. “We are implementing remediation steps as quickly as possible. We regret any inconvenience to our customers.”
Ransomware is malware that attacks a computer or system’s functionality so that the hackers deploying it can demand payment to restore the ability to operate.
Reports suggest that companies and institutions in at least 70 countries have been targeted by the “WannaCry” malware, including the U.K.’s National Health Service.
The malware has been hitting Microsoft Windows systems. Victims find their computers locked down, and receive a message demanding payment of $300 in Bitcoin digital currency, reports indicated.
“What’s turning out to look like a consorted massive ransomware attack hitting targets worldwide is at an unprecedented scale,” Simon Crosby, chief technical officer of Cupertino cybersecurity firm Bromium, said in a statement.
“The suspected syndicated attack is unique in that it’s not targeted at any one industry or region, and is using a particularly nasty form of malware that can move through a corporate network from a single entry point.”
Health care organizations, governments, police and fire departments and militaries are “massively vulnerable,” Crosby said.
“An attack could cripple the organization entirely.”
If victims of the attack start paying the ransom, that will encourage its spread, said Paul Calatayud, chief technical officer at Kansas cybersecurity company FireMon.
The WannaCry hack “appears to have used an NSA exploit known as ‘EternalBlue,’” product liability lawyer Creighton Magid of New York-headquartered law firm Dorsey & Whitney said in a statement.
The EternalBlue hacking technique was unleashed online by hacker group Shadow Brokers, Magid said.
“Microsoft released a patch earlier this year to address the vulnerability, but it appears that a number of hospitals and other users have not applied the patch,” Magid said.
Microsoft said its engineers on Friday added “detection and protection” against the malware, and noted that the patch it released in March provides “additional protections” against the malware.
“Those who are running our free antivirus software and have Windows Update enabled, are protected,” a company spokesperson said. “We are working with customers to provide additional assistance.”
The Seattle tech giant released the patch March 14, a month before the Shadow Brokers dump, according to Russian cybersecurity firm Kaspersky Lab.
The U.K. National Health Service said in an online advisory that 16 of its organizations had been affected.
“This attack was not specifically targeted at the NHS and is affecting organisations from across a range of sectors,” the advisory said.
“At this stage we do not have any evidence that patient data has been accessed.”
The malware assault highlighted the need for the State of California to promote the growth of a “cyber-ready” workforce, said Silicon Valley Leadership Group vice-president of technology and innovation policy Peter Leroe-Muñoz.
Leroe-Muñoz brought more than 25 local companies to Sacramento on Wednesday to lobby legislators for state resources to be directed toward boosting students’ cybersecurity skills at all levels of higher education, from junior colleges to advanced education programs, he said.
The goal is to ensure that companies can stock their ranks with employees knowledgeable enough on cybersecurity to play a role in thwarting attacks, Leroe-Muñoz said.