Being Infected by NotPetya: What Maersk learned

Maersk is the largest shipping company in the world, claiming almost 1/5th of global trade. But last year, its size did not matter when NotPetya ransomware infected its IT and came within one backup of utterly destroying Maersk’s information technology resources.

NotPetya was the most damaging cyber attack the world has seen, causing an estimated $10 billion across the globe. Although the attack originated in Ukraine, where it reaped 80% of total damages, the attack spread via VPN to other countries, including Germany and the United States. Merck, a large pharmaceuticals company claimed over $870 million in damages resulting from lost sales and IT costs. The firm lost their email system completely, and many employees could not work during the attack.

This was worst-case scenario for these two and many more companies, where operations were brought to a standstill. Literally, every one of the Maersk’s IT assets that were connected during the attack was wiped: 4,000 servers and 45,000 workstations. The company’s saving grace was a single server in Ghana, which had been offline during the attack due to a power outage. The outage allowed one version of Maersk’s system to remain intact, and the company had employees manually carry the server back to headquarters, where IT staffers and a full team of Deloitte consultants were able to replicate the clean copy, bringing all assets online within just ten days.

During this time, the company was forced to go “manual.” Being the largest shipping company in the world, Maersk needed to dock one container ship every fifteen minutes, and since each ship brought to dock 10,000–20,000 containers, this required one container to be processed every 6/100ths of a second. Imagine performing this task without a computer.

It was a monumental, borderline miraculous recovery considering the havoc NotPetya had wrought, and it has drastically altered the company’s position on cyber security.

One Year after NotPetya, What Is Maersk Doing about Cybersecurity?

Five months after NotPetya, Maersk chair Jim Snabe related his company’s experience at the World Economic Forum meeting. He said that the attack had resulted in a number of new organizational imperatives. His company saw itself becoming increasingly reliant on IT infrastructure to do its job. In a way, the attack came at the ideal time when Maersk could still function at 80% of optimal capacity without IT support. In the future, an attack as devastating to IT as NotPetya would be even more catastrophic to income and global trade.

For this reason, Maersk could not afford to be reactive to cyber threats; they needed to be proactive. The organization wanted not only to upgrade its cybersecurity but to create a competitive advantage around the issue. He exhorted world leaders to reconsider IT infrastructure on a global scale.

Watch Jim Snabe’s testimony (from 2:30–7:30 minutes)

Maersk is currently experimenting with IoT and blockchain solutions to streamline and secure the tracking of shipments globally. The solutions under consideration have the potential to significantly decrease costs while at the same time keeping vital operations safe should an attack ever recur.

Will We Learn from Maersk?

In 2018, the year after Petya, NotPetya, and WannaCry unleashed havoc into the world’s IT, business leaders remain challenged by cybersecurity. If we can learn anything from Maersk, it is that embracing cybersecurity can be synonymous with embracing IT. By investing in securing IT, a company also needs to embrace the capabilities that IT can bring. If it is not development of new software, then using existing solutions to increase efficiency and effectiveness across departments can offset or in many cases profit from expenses. Customer Relationship Management, Enterprise Resource Planning, Ecommerce, and other solutions become possible once these assets can be secured.

In a world where malware unleashed in Ukraine can travel to the United States and cripple companies within a matter of hours, cybersecurity needs to be a primary consideration for everyone. Platte River’s clients were protected during the Petya attacks because we continuously monitor and update our client network, providing proactive rather than reactive security. We believe that for small and mid-sized businesses, managed service providers like us are the best way to secure IT assets and gain a competitive advantage over businesses that try to source all IT themselves. We urge business leaders to learn from Maersk by prioritizing IT from today, on.