FedEx confirmed it was victimized by ransomware spreading rapidly around the world Friday.
American shipping giant FedEx has been hit in a ransomware attack spreading quickly around the globe and linked to hacked data from the U. S. National Security Agency.
FedEx confirmed early Friday afternoon that it was a victim of the attack, but disclosed few details.
“Like many other companies, FedEx is experiencing interference with some of our Windows-based systems caused by malware, ” the firm said in a statement. “We are implementing remediation steps as quickly as possible. We regret any inconvenience to our customers.”
Ransomware is a computer virus that attacks a computer or system’s functionality, so the hackers deploying it can demand payment to restore the ability to operate.
Reports suggest that companies and institutions in at least 70 countries have been targeted by the “WannaCry” malware, including the U. K.’s National Health Service.
The malware has been hitting Microsoft Windows systems. Victims find their computers locked down, and receive a message demanding payment of $300 in Bitcoin digital currency, reports indicated.
“What’s turning out to look like a consorted massive ransomware attack hitting targets worldwide is at an unprecedented scale, ” Simon Crosby, chief technical officer of Cupertino cybersecurity firm Bromium, said in a statement.
“The suspected syndicated attack is unique in that it’s not targeted at any one industry or region, and is using a particularly nasty form of malware that can move through a corporate network from a single entry point.”
Health care organizations, governments, police and fire departments and militaries are “massively vulnerable, ” Crosby said.
“An attack could cripple the organization entirely.”
The WannaCry hack “appears to have used an NSA exploit known as ‘EternalBlue, ‘” product liability lawyer Creighton Magid of New York headquartered law firm Dorsey & Whitney said in a statement.
The Eternal Blue hacking technique was unleashed online by hacker group Shadow Brokers, Magid said.
“Microsoft released a patch earlier this year to address the vulnerability, but it appears that a number of hospitals and other users have not applied the patch, ” Magid said.
Microsoft did not immediately respond to a request for comment.
The Seattle tech giant released the patch March 14, a month before the Shadow Brokers dump, according to Russian cybersecurity firm Kaspersky Lab.
The U. K. National Health Service said in an online advisory that 16 of its organizations had been affected.
“This attack was not specifically targeted at the NHS and is affecting organisations from across a range of sectors, ” the advisory said.
“At this stage we do not have any evidence that patient data has been accessed.”