How robust is your cyber-incident response plan?

Major companies are struggling to return to normal operation after last week's global ransomware attack, the Financial Times (FT) reports.

AP Moller-Maersk, WPP, Reckitt Benckiser and FedEx have all said their businesses are not fully recovered from the NotPetya ransomware attack which broke on Monday 26th June.

The ransomware campaign began by attacking Ukrainian targets and slowly spread to thousands of computers and industrial control systems. According to the FT, it is still crippling some ports and causing packages to go missing.

Maersk, a leader in the shipping industry, told the FT on Tuesday that it had been forced to re-route ships to “alternative destinations” thanks to “debilitated IT systems”. It also reported trouble docking and unloading containers at 76 of its ports.

“We're bringing applications online according to priority and to restore critical business functions,” Maersk told the FT. “Before we can say that we are totally up and running we really need more systems to be up, such as backup systems for employees here.”

Following extensive analysis, security firm ESET said it believes the attack was orchestrated by a Russian-linked group named TeleBots. The group was first discovered in late 2016 attacking Ukrainian financial firms and is believed to be behind the BlackEnergy attacks on the Ukrainian power grid in 2016.

Ukrainian security officials are already pointing the finger at Russia.

On Friday last week, the New York Times reported that the Security Service of Ukraine (SBU) had seized equipment belonging to Russian agents who, it says, launched the cyber-attack.

TNT, a US-based package delivery arm of FedEx, is currently dealing with concerned customers who are taking to social media to complain of missed deliveries and an inability to track their packages.

TNT told the FT, “we are continuing to make solid progress. Certain types of goods are more affected, there may be variations from one place to others.”

ESET said in its blog post on TeleBots that we're unlikely to see a reduction in cyber-attacks of this nature. The group “continues to evolve” and is set to conduct further disruptive attacks against Ukraine.

The group apparently underestimated the ransomware's propagation capabilities: “That's why the malware went out of control.”

ESET said that instead of using spear-phishing emails containing malicious macros, “they used a more sophisticated scheme known as a supply-chain attack.”

WPP's chief executive, Martin Sorrell, wrote to staff saying, “given the scope of the attack, there is no instant, universal fix,” as progress in recovery had not been as fast as expected.

This follows a similar statement to staff in which Sorrell claimed the attack was exaggerated by the media, saying, “Many of you will have experienced significant disruption to your work. However, contrary to some press reports, WPP and its companies are still very much open for business.”

Reckitt Benckiser, a manufacturer of pharmaceutical consumer goods, said it still has “outstanding issues”, the FT reports. It warned customers to expect delays in receiving product orders.