FedEx cut its annual profit forecast, citing the $300m cost of a June cyberattack on its TNT Express unit.
The courier now expects to earn no more than $12.80 a share in the fiscal year ending in May after excluding certain items, FedEx said in a statement on Tuesday. That’s down from an original projection of as much as $14 and less than the $13.10 average of analysts’ estimates compiled by Bloomberg.
The global cyberattack in late June struck as the company was stepping up spending to handle more packages from the expansion of online shopping. FedEx also said results at its ground-shipment unit weighed on results, as did Hurricane Harvey, which caused flooding along the US Gulf Coast.
“The first quarter posed significant operational challenges due to the TNT Express cyberattack and Hurricane Harvey,” CEO Fred Smith said in the statement.
FedEx had no insurance to cover the attack, which forced TNT to manually process some transactions.
FedEx fell 2% to $211.61 after the close of regular trading in New York.
Global operations outside the TNT unit weren’t affected by the virus, which entered the unit’s systems through tax software used in the Ukraine. FedEx said it found no evidence of a data breach or information lost to third parties.
The shipper also was among companies hit by the WannaCry ransomware in May, although it said that attack didn’t cause a material disruption to its systems or raise operating costs. Companies around the world struggled to retake control of their networks after the intrusions, which cost them hundreds of millions in potential revenue.
FedEx acquired Dutch shipping company TNT Express for $4.8bn last year to gain an extensive parcel delivery system in Europe to compete with United Parcel Service and Deutsche Post’s DHL. The just-completed quarter was the first in which FedEx reported TNT results as part of its Express division. TNT primarily serves industrial, automotive, high-tech and health-care industries.
FedEx already had planned a 16% expansion in capital spending this year to $5.9bn, after delaying some projects at FedEx Ground to help it process more of the growing number of e-commerce shipments and to boost margins. Deliveries to homes generally have lower yields than to businesses because fewer items are delivered at each stop.
The shipper also said its first quarter profit fell to $2.51 a share, compared with analysts’ average expectation of $3. Sales in the period ended August 31 rose 4% to $15.3bn, compared with the average estimate of $15.35bn.
By Mary Schlangenstein for Fin24
On Friday, doctors at Whipps Cross Hospital, east London, logged into their computers, but a strange red screen popped up. Next to a giant padlock, a message said the files on the computer had been encrypted, and would be lost forever unless $300 was sent to a Bitcoin account – a virtual currency that cannot be traced. The price doubled if the money wasn’t sent within six days. Digital clocks were counting down the time.
It was soon revealed Barts Health Trust, which runs the hospital, had been hit by ransomware, a type of malicious software that hijacks computer systems until money is paid. It was one of 48 trusts in England and 13 in Scotland affected, as well as a handful of GP practices. News reports soon broke of companies in other countries hit. It affected 200,000 victims in 150 countries, according to Europol. This included the Russian Interior Ministry, Fedex, Nissan, Vodafone and Telefonica. It is thought to be the biggest outbreak of ransomware in history.
Trusts worked all through the weekend and are now back to business as usual. But the attack revealed how easy it is to bring a hospital to its knees. Patients are rightly questioning if their medical records are safe. Others fear hackers may strike again and attack other vital systems. Defence minister Michael Fallon was forced to confirm that the Trident nuclear submarines could not be hacked.
So how did this happen? The virus, called WannaCry or WannaDecrypt0r, was an old piece of ransomware that had gained a superpower. It had been combined with a tool called EternalBlue which was developed by US National Security Agency spies and dumped on the dark web by a criminal group called Shadow Brokers. Computers become infected with ransomware when somebody clicks on a dodgy link or downloads a booby-trapped PDF, but normally another person has to be fooled for it to harm a different computer. EternalBlue meant the virus could cascade between machines within a network. It could copy itself over and over, moving from one vulnerable computer to the next, spreading like the plague. Experts cannot trace who caused it, whether a criminal gang or just one person in their bedroom hitting “send”.
Like a real virus, it had to be quarantined. Trusts had to shut down computers and scan them to make sure they were bug-free. Doctors – not used to writing anything but their signature – had to go back to pen and paper. But no computers meant they couldn’t access appointments, referral letters, blood tests results or X-rays. In some hospitals computer systems controlled the phones and doors. Many declared a major incident, flagging up that they needed help. In Barts Health NHS Trust, ambulances were directed away from three A&E departments and non-urgent operations were cancelled.
The tragedy is that trusts had been warned of such an attack. Dr Krishna Chinthapalli, a junior doctor in London, wrote an eerily premonitory piece in the British Medical Journal just two days earlier telling hospitals they were vulnerable to ransomware hits.
How to avoid ransomware
Ransomware is a sophisticated piece of malware that blocks the victim’s access to their files, and the only way to regain access to the files is to pay a ransom.
Here are a few tips to avoid ransomware:
- Back up everything on the company network – create a sane, quiet backup system and use it daily.
- Don’t use Windows XP – it’s a little hard to believe but unsupported operating systems on office computers put data at risk. Consider an upgrade.
- Buy a hard drive and back up documents off-site – even if ransomware hits you overnight, you’ll have a few days’ data on this external backup. This will prevent the destruction of important records.
- Back up to the cloud – use an internet-based service like Google to store back ups.
- Ensure your network security is up-to-date. Install any patches provided by the security software you use.
Businesses often cite cost as a pain point when explaining why they don’t have back-ups or adequate security.
The ultimate question businesses need to ask themselves is: can your company afford to pay the ransom?
Sources: Madlen Davies for www.newstatesman.com; www.techcrunch.com