Maersk, the world's largest container shipping company, was hit by the infamous NotPetya Ransomware last year. Over the course of 10 days in June and July, the company was in the overhaul mode trying to assess the damage and fix the situation. For as long as ransomware was in control, the company had no control. The malicious NotPetya Ransomware was rolling through the world like a tornado in the summer of 2017, and Maersk was only one of many companies that were affected by it. Unlike other infamous ransomware infections, NotPetya is notorious for whipping data instead of encrypting it, which means that victims often have no options for data recovery. Jim Hagemann Snabe, the Chairman of Møller-Maersk, Denmark has recently spoken about the incident in the World Economic Forum calling the attack an important wake-up call. Unfortunately, it was an expensive one.
During the World Economic Forum, Jim Hagemann Snabe revealed some interesting details about the incident that occurred in late June, early July in 2017. According to Maersk’s Chairman, the company had to re-install the entire infrastructure, which included 4,000 servers, 45,000 PCs, and 2,500 applications. A process that would normally take about 6 months was handled in just 10 days, but the company had no other option because it controls 20% of world’s trade in containers, and one of its ships carrying between 10 to 20 thousand containers ports every 15 minutes on average. Just within those 10 days of chaos – and the weeks following that – the company lost $250-300 million. According to Forbes, the CEO of Maersk, Soeren Skou, reported that the attack of NotPetya Ransomware did not result in data breach or loss, which suggests that the infection was not operating as a data wiper at that point. Although data was not lost, the attack accelerated some very important changes.
Jim Hagemann Snabe drew three conclusions following the attack of the NotPetya Ransomware, prefacing them by pointing out that the company was most likely hit during an attack that was targeted at the state. The Chairman first noted that the company was not up to par with cyber security before the attack, suggesting that Maersk was now working hard to ensure that their “ability to manage cyber security becomes a competitive advantage.” Mr. Snabe then shared his ideas about sharing information and experiences with other companies so that everyone could become proactive about cyber security, and, eventually, shift from being average to the best. He concluded by calling companies, IT specialists, and law enforcement to join in on the fight against cyber criminal activity: “Hopefully, our incident can be a wake-up call not just for our company – with big ambitions now – but for everyone that has anything to do with technology, which I presume is all companies in this world.”
It is believed that the attackers behind NotPetya Ransomware exploited M.E.Doc servers to distribute the malicious infection. CIA has recently reported that Russian military hackers were the ones responsible for the attacks that were launched on Ukraine’s Constitution Day. Of course, the infection that was originally created to attack organizations and institutions in Ukraine crossed all boarders. NotPetya affected Møller-Maersk, FedEx, Merck, and many other companies worldwide (at least in 65 countries). Once inside the network, this malware is meant to wipe data, and although it might pose as ransom-demanding ransomware, in reality, the victim can do nothing to obtain a decryptor. Of course, if the infection wipes data instead of encrypting it, a decryptor does not even exist. It truly is amazing that Maersk did not experience data loss and that the so-called reinstallation of the infrastructure helped the company get back on track. Based on the victims that are already known, it is unlikely that attackers behind this infection would ever target random Windows users.
Jim Hagemann Snabe believes that cyber attacks can be controlled only by prevention. The Chairman believes that if companies and law enforcement agencies share information and work together, the attacks can be resisted or maybe stopped altogether. There is no doubt that if companies dealing with malware attacks are transparent and willing to disclose important information, it will be much harder for cyber attackers to spread uncontrollably. Unfortunately, state agencies and companies at risk are often too concerned about their own privacy and reputation. Unless that changes, it is unlikely that we will see a decrease in cyber criminal activity any time soon. That being said, with more and more big companies and governments being hit by cyber criminals, it is only natural that advancements in cyber security are made and made quickly. Hopefully, everyone will learn from Maersk who has been transparent about their cyber security struggles since June of 2017.
Matthews, L. August 16, 2017. NotPetya Ransomware Attack Cost Shipping Giant Maersk Over $200 Million. Forbes.
Nakashima, E. January 12, 2018. Russian military was behind ‘NotPetya’ cyberattack in Ukraine, CIA concludes . The Washington Post.
World Economic Forum. January 24, 2018. Securing a Common Future in Cyberspace. YouTube.