NotPetya ransomware forced Maersk to reinstall 4000 servers, 45000 PCs

The shipping giant has suffered millions of dollars in damage due to the ransomware attack.
Written by Charlie Osborne, Contributing Writer

Maersk has revealed that a devastating ransomware attack which struck businesses across Europe in 2017 required close to a "complete infrastructure" overhaul and the reinstallation of thousands of machines.

The Danish transport and logistics conglomerate fell prey to a campaign which used a modified version of the Petya ransomware, NotPetya, bringing down IT systems and operational controls across the board.

Maersk, a container ship and supply vessel operator, previously warned that the ransomware attack would cause losses of up to $300 million due to "serious business interruption."

The firm, with offices in 130 countries and a workforce of close to 90,000, was one of the most high-profile victims of the Petya campaign, which spread rapidly by using EternalBlue, a leaked US National Security Agency (NSA) exploit that targets Microsoft Windows systems.

The same exploit was used to spread WannaCry, ransomware which caused horrendous disruption to healthcare systems including the UK's National Health Service (NHS).

In Maersk's case, while no customer or business data is believed to have been exposed, the firm endured severe disruption and was forced to halt operations as the ransomware spread through core IT systems.

Speaking at the World Economic Forum this week, Møller-Maersk Chairman Jim Hagemann Snabe shared further details on the attack, which resulted in a reinstall of "our entire infrastructure," according to the executive.

In total, Maersk reinstalled 4,000 servers, 45,000 PCs, and 2,500 applications in what the chairman called a "heroic effort" over ten days, a task the executive said would usually have taken up to six months.

"Imagine a company where a ship with 10 to 20 thousand containers is entering a port every 15 minutes, and for 10 days, you have no IT," Hagemann commented. "It's almost impossible to even imagine."

However, thanks to the efforts of staff, the company only experienced a 20 percent drop in volume, while the remaining 80 percent of operations were handled manually until systems were up and running once more.

Hagemann said the ransomware attack was a "very significant wake-up call for Maersk, and you could say, a very expensive one."

"We were basically average when it came to cybersecurity, like many companies," the executive said. "This was a wake-up call not just to become good, but to have cybersecurity as a competitive advantage."

In September, FedEx revealed the damage caused by falling victim to the Petya cyberattack. The delivery giant faced losses of approximately $300 million after the operations of the firm's TNT Express unit in Europe were disrupted.

The Petya attack originated in Ukraine and quickly spread worldwide.

Earlier this month, researchers disclosed the existence of a new ransomware variant. Dubbed "SpriteCoin," the malware masquerades as a new kind of profitable cryptocurrency and is being advertised on public forums.

Users who fall for the scam and download the "cryptocurrency" software have their systems encrypted and are made to pay 0.3 Monero -- roughly $92 at the time of writing -- to unlock their files.

As a parting gift, the malware then downloads and executes additional payloads for surveillance.
