Maersk was forced to fully reinstall its IT systems after infamous NotPetya attack
The chairman of the logistics giant Maersk, Jim Hagemann Snabe, announced the full extent of the damage caused by the ransomware epidemic at the World Economic Forum. The company was hit by the NotPetya virus last summer. The cyber assault cost $250-$300 million, and full recovery took 10 days.
Due to the ransomware attack in June 2017, Maersk’s entire IT infrastructure had to be shut down. 4000 new servers, 45,000 new PCs, and 2500 applications had to be reinstalled in a short period.
Snabe came from the IT industry and was expecting the full operation to last around six months. Remarkably, however, the employees and partners managed to achieve the goal in just ten days.
While the work was ongoing, the entire company had to process extensive amounts of shipping containers manually. Considering that Maersk operates in 121 countries, serving 343 ports, the task required tremendous effort. While operating manually, the company managed to keep up with 80% of its typical workload.
Considering the damage caused by the cyber attack, the Maersk chairman gave credit to “human resilience”, which made it possible to overcome the dangerous ransomware strike.
“Basically average” cybersecurity management is not enough for companies
The damage caused by NotPetya was enormous and proved that businesses have to take more responsibility and put more effort into cyber security. Snabe claims that Maersk had “basically average” cyber security management; however, the attack was a “wake-up call” to think about higher security standards.
Therefore, he urged global organizations, technology companies, and law enforcement to cooperate and create a more secure digital world. He explained that being good at cybersecurity can translate into a competitive advantage. No matter how big or small the organization is, its security could be breached at any time if no proper measures are undertaken.
However, human resilience is still an issue. Snabe said, though, that Maersk would be more digitalized in the future:
“The next level of dependency is everything will be digital — all the documents will be digital, the boats will be autonomous, and hence the criticality of the infrastructure becomes even more urgent, and you cannot overcome with human resilience anymore.”
NotPetya affected multiple high-profile organizations in 2017
Maersk was not the only giant affected by the treacherous ransomware. Like Merck, FedEx was hit with a $310m bill, while TNT and WPP refrained from revealing their losses.
NotPetya, a variant of the Petya ransomware that emerged in March 2016, started spreading in the middle of last year and was suspected of infecting IT infrastructure in Ukraine. The malware used the NSA exploit EternalBlue to penetrate Microsoft Windows machines.
NotPetya ransomware caused worldwide havoc in June. The malware hit hundreds of organizations and companies in the United States, Russia, France, and the United Kingdom. However, the biggest damage was done to Ukraine.
UPDATE: Russia is accused of being responsible for the cyber attack in June
Security researchers assume that the NotPetya attack was created and carried out by Russia in order to target organizations in Ukraine. The two countries have a tense relationship, so political motives for arranging a cyber attack seem plausible too. Russia, however, did not accept responsibility.
In January 2018, however, the Central Intelligence Agency (CIA) announced that the attack was carried out by Russian military hackers. The attack is said to be part of “hybrid warfare” that combines traditional military aggression with cyber attacks to dominate the country.
According to the investigation, Russian hackers used a “watering hole” attack to infect the specific website that provides updates for M.E. Doc, one of the two accounting programs used by Ukrainian companies.
Additionally, attackers hacked into industrial control system networks to cause havoc in the country. Finally, they used a ransomware-type cyber threat to camouflage a state-based cyber attack. Typically, ransom demands for data recovery are made by individuals or hacking groups.