[dropcap]T[/dropcap]he global cyberattack that has been wending its way across continents since Tuesday started creating real consequences at some businesses even as the virus’s spread seemed to be abating.
FedEx said it could suffer a “material” financial impact after the bug affected the worldwide operations of its TNT Express delivery unit. Danish shipping giant AP Moller-Maersk shut down systems across its operations to contain the cyberattack and said the impact on its business is “being assessed”. The company’s APM Terminals unit closed its Port Elizabeth facility in New Jersey in the US on Wednesday and suspended gate operations on Thursday.
Other companies were forced to resort to old-school business practices after taking corporate e-mail offline to contain further contamination. Employees at global snack giant Mondelez International were working via cellphones, text messages and personal e-mail, while law firm DLA Piper closed its systems as a “precautionary measure”, meaning clients couldn’t contact its team by e-mail or landline phones.
The cyberattack began in Ukraine on Tuesday, infecting computer networks and demanding US$300 in cryptocurrency to unlock systems. The virus spread throughout Europe before jumping to the US and eventually touching Asia and South America. As of midday on Tuesday in North America, Kaspersky Lab analysts said about 2 000 users had been attacked. So far, cybersecurity researchers haven’t found a kill switch, which had allowed them to stop the similar WannaCry virus in May.
While many computers have been patched to protect the systems from being vulnerable to malware such as WannaCry, this new infection has additional capabilities that let it spread by other means through internal networks. Anyone who clicks on a malicious email attachment could put their entire organisation at risk.
Port operators around the world were among those with the most tangible consequences. While goods were still being moved, the process was severely slowed as terminals were forced to revert to manual or backup operations.
In Argentina, the world’s largest exporter of soy derivatives, trading company Nidera, resorted to backup mechanical processes, without help from computers, to load trucks full of grain at Rosario, a port on the Paraná River that handles 80% of the nation’s grain shipments. Cofco also had problems at Rosario. Cargill, which operates from the port, said it was unaffected.
‘Portal down’
An APM Terminals facility at the Alabama State Docks in Mobile in the US was reopened on Wednesday to service trucks loading and unloading goods, but it wasn’t quite business as usual. “The process is a lot slower than their automated system or their computer system,” said Judith Adams, a port representative. “While the trucks are stacked up, they’re moving. They’re keeping gate hours.”
“Our portal is down and we are not able to take on new orders until we get it back up,” Maersk Line chief commercial officer Vincent Clerc said, declining to say when systems would return to normal. “We’re being very cautious to ensure that as we bring the applications back up, the attack is contained and rolled back. It limits the accessibility we have at the moment.”
A terminal operated by Maersk at the Jawaharlal Nehru Port Trust, a facility near Mumbai, which is India’s biggest container port, was unable to load or unload shipments because of the attack. With the Gateway Terminal India facility unable to identify which shipment belongs to whom, the port was clearing cargo manually, chairman Anil Diggikar said. Seventy-five Maersk group terminals were hit by the attack, he said.
APM Terminals said a “majority” of its terminals were operational by late afternoon in New York, though some were operating slower than usual and with limited functionality. At the Port of Los Angeles, the Maersk-affiliated terminal shut at 6am local time on Tuesday and remained closed the following day, according to Phillip Sanfield, a spokesman.
Other companies, including France’s BNP Paribas, UK advertising giant WPP and Hamburg-based Beiersdorf, the maker of Nivea and Labello lip balm, were also coping with the fallout.
“With there being no global kill switch for this one, we’ll continue to see the numbers rise in different parts of the world as more vulnerable systems become more exposed,” said Beau Woods, deputy director of the Cyber Statecraft Initiative at the Atlantic Council in Washington.
Unlike traditional forms of ransomware, which often provide secure forms of payment in order to release control of networks, the new hack has seemingly concentrated on crippling systems, rather than obtaining a ransom. The e-mail address posted on users’ locked screens, used by victims to receive decryption keys, was easily and swiftly shut down by the e-mail provider.
WPP’s website was knocked offline, and employees were told to turn off their computers and not use Wi-Fi, according to a person familiar with the matter. Sea Containers, the London building that houses WPP and agencies including Ogilvy & Mather, was shut down on Tuesday, another person said, and workers on Wednesday were encouraged to work from home and avoid logging into the central network. — Reported by Molly Schuetz, Jordan Robertson and Nico Grant, (c) 2017 Bloomberg LP
