NonPetya ransomware forced Maersk to reinstall 4000 servers, 45000 PCs

Date: Monday, January 29, 2018
Source: ZD Net

The shipping giant has suffered millions of dollars in damage due to the ransomware attack.

The Danish transport and logistics conglomerate fell prey to a campaign which used a modified version of the Petya ransomware, NonPetya, bringing down IT systems and operational controls across the board.

Maersk, a container ship and supply vessel operator, previously warned that the ransomware attack would cause losses of up to $300 million due to "serious business interruption."

The firm, with offices in 130 countries and a workforce of close to 90,000, was one of the most high-profile victims of the Petya campaign, which spread rapidly by utilizing the leaked US National Security Agency (NSA) exploit EternalBlue, which targets Microsoft Windows systems.

The same exploit was used to spread WannaCry, ransomware which caused horrendous disruption to healthcare systems including the UK's National Health Service (NHS).

In Maersk's case, while no customer or business data is believed to have been exposed, the firm endured severe disruption and was forced to halt operations as the ransomware spread through core IT systems.

Speaking at the World Economic Forum this week, Møller-Maersk Chairman Jim Hagemann Snabe shared further details on the attack, which resulted in a reinstall of "our entire infrastructure," according to the executive.

In total, Maersk reinstalled 4,000 servers, 45,000 PCs, and 2,500 applications in what the chairman called a "heroic effort" over ten days, work that the executive said may usually have taken up to six months to implement.

"Imagine a company where a ship with 10 to 20 thousand containers is entering a port every 15 minutes, and for 10 days, you have no IT," Hagemann commented. "It's almost impossible to even imagine."

However, thanks to the efforts of staff, the company only experienced a 20 percent drop in volume, while the remaining 80 percent of operations were handled manually until systems were up and running once more.

Hagemann said the ransomware attack was a "very significant wake-up call for Maersk, and you could say, a very expensive one."

"We were basically average when it came to cybersecurity, like many companies," the executive said. "This was a wake-up call not just to become good, but to have cybersecurity as a competitive advantage."

In September, FedEx revealed the damage caused by falling victim to the Petya cyberattack. The delivery giant faced losses of approximately $300 million after the operations of the firm's TNT Express unit in Europe were disrupted.

The Petya attack originated in Ukraine and quickly spread worldwide.

Earlier this month, researchers disclosed the existence of a new ransomware variant. Dubbed "SpriteCoin," the malware masquerades as a new kind of profitable cryptocurrency and is being advertised on public forums.

Users who fall for the scam and download the "cryptocurrency" software have their systems encrypted and are made to pay 0.3 Monero -- roughly $92 at the time of writing -- to unlock their files.

As a parting gift, the malware then downloads and executes additional payloads for surveillance.
