Petya damage to TNT Express systems is likely permanent

International courier TNT Express has warned that it may have permanently lost access to some critical business data and systems following the damaging Petya malware attack.

Its parent company FedEx also today revealed the business had similarly fallen victim to the WannaCry malware just one month earlier.

TNT Express emerged as one of the worst hit in the June Petya malware attack that rampaged across the globe.

Three weeks after the malware first emerged, FedEx today revealed TNT was still relying mostly on manual processes to keep its business running. Service and invoicing delays remain widespread.

In its annual report filed with the US SEC, FedEx said it was unable to estimate when TNT services would be fully restored.

The company said it was "reasonably possible" that TNT will be "unable to fully restore all of the affected systems and recover all of the critical business data that was encrypted by the virus".

"We are currently focused on restoring remaining operational systems, along with finance, back-office and secondary business systems," it said.

Many suspect the Petya malware presented itself as ransomware to hide its true intention of destruction. The virus uses similar exploits to the WannaCry malware to crash and reboot computers after rewriting the hard disk master boot record.

It is almost identical to the GoldenEye variant of the Petya malware that surfaced last year, except that it overwrites the first 25 sector blocks of a victim PC's hard disk to do "permanent and irreversible damage" and render files unrecoverable. 

FedEx revealed TNT Express was a user of the MEDoc accounting software in Ukraine that inadvertently distributed the malware to its customers.

Attackers compromised MEDoc's servers in April this year using stolen admin credentials, and released at least three software updates that contained backdoors to the company's users.

FedEx has previously indicated the financial impact of the malware will likely be "material".

It reiterated this forecast today and revealed it had no cyber insurance to cover the attack.

"Although we cannot currently quantify the amounts, we have experienced loss of revenue due to decreased volumes at TNT and incremental costs associated with the implementation of contingency plans and the remediation of affected systems."

The Petya attack was a heavy blow to a company that had spent the past month grappling with the fallout of the WannaCry ransomware attack.

However, FedEx said WannaCry did not cause a material disruption to systems or result in any material costs. 

TNT Express upgraded to Windows 7 prior to its acquisition by FedEx. It is unclear what version of the Microsoft system is currently in use. 

FedEx took over TNT last May. It is currently working to integrate the business - a highly complex endeavour involving operations in more than 200 countries.

It expects the integration to be complete by the end of 2020, but has admitted the Petya attack may have an adverse impact on the timeline and costs.