Petya Ransomware Cyber-Attack on Maersk

Petya Ransomware Cyber-Attack on Maersk

Source: Maersk website and The Maritime Executive (28 July 2017).

In the Summer of 2017, a cyber-attack in the form of the “Petya” ransomware affected the Maersk group. The source of the attack is attributed to a Ukrainian accounting software company, whose server had been hacked by the Russian government. Once the accounting software patch was installed on a Maersk computer in its Odessa offices, it spread across the whole network. Maersk contained the attack but had to shut down multiple systems in order to prevent the malware from spreading. For a short while, Maersk Line was unable to accept new electronic bookings on its own systems. Its APM Terminals division suffered from the effects of the attack at 17 port terminals worldwide, including shutdowns or severe slowdowns for cargo operations at Nhava Sheva (JNPT), Rotterdam, Mobile, Alabama, Port Elizabeth, and Port of Los Angeles. Some terminals had to reserve extra storage space for export containers that were temporarily stranded by APM’s inability to access booking data.

This attack affected not only Maersk but major supply chain actors such as FedEx and TNT, with damages estimated to be around $10 billion, including $300 for Maersk. The event sent shock waves through the supply chain, causing all parties to re-evaluate their cybersecurity defenses. It remains one of the most significant attacks yet undertaken.