Cyber Incident Victim: FedEx
Date: May 2017
Location: Russia
Summary
The WannaCry ransomware attack caused widespread disruption across multiple sectors globally, including FedEx's operations. The malware encrypted files on infected systems, demanding ransom payments for decryption, impacting over 200,000 computers in critical infrastructure such as healthcare facilities, government agencies, and transportation networks. Hospitals diverted patients due to locked medical records, while logistics, manufacturing, and energy companies faced operational halts, payment system failures, and communication delays. Some organizations mitigated damage through isolated networks or updated software patches, but underfunded institutions using outdated systems suffered severe consequences, forcing individuals to pay ransoms to recover academic or professional work. The incident highlighted vulnerabilities in unpatched Windows systems across public and private sectors.
Description
The WannaCry ransomware attack emerged globally on May 12, 2017, rapidly infecting over 200,000 computers across 150 countries. The malware encrypted files on vulnerable Windows systems, demanding Bitcoin payments ranging from $300 to $600 for decryption. Critical infrastructure sectors were disproportionately impacted, with Russia experiencing the highest number of infection attempts according to Kaspersky Lab. Russian interior ministry computers, railway systems, banks, and telecom provider Megafon were compromised, though vital servers running domestic Elbrus operating systems remained unaffected. China faced widespread disruptions at universities where outdated software left student laptops vulnerable, forcing payments to recover academic work nearing deadlines. Petroleum stations in Chongqing lost card payment capabilities after China National Petroleum systems were infected, while South Korea's largest cinema chain reported compromised advertising servers at 50 locations. Japan recorded 2,000 infected computers across 600 companies, with Hitachi experiencing email and file delivery failures. India's Andhra Pradesh police systems were disabled, though national infrastructure avoided major damage through preemptive security patches.

The United Kingdom's National Health Service suffered severe operational disruptions, with 48 English trusts and 13 Scottish organizations forced to cancel appointments and divert emergency cases after ransomware locked patient records. Global corporations including FedEx, Renault, and Nissan experienced production halts and IT system compromises, with Renault temporarily stopping manufacturing at multiple sites. Telefonica contained infected equipment while Spanish utilities Iberdrola and Gas Natural implemented emergency computer shutdowns. Containment efforts focused on isolating infected machines, restoring systems from backups, and applying Microsoft's emergency security patches for the exploited EternalBlue vulnerability. Although the malware propagated rapidly, critical transportation systems like Germany's Deutsche Bahn maintained service continuity despite electronic display outages. By May 14, Europol confirmed the attack's unprecedented scale while cybersecurity firms observed slowing infection rates due to the activation of a kill-switch domain and coordinated mitigation efforts across affected organizations.
