IT 'heroes' saved Maersk from NotPetya with ten-day reinstallation blitz

It's long been known that shipping giant Maersk suffered very badly from 2017's NotPetya malware outbreak.

Now the company's chair has detailed just how many systems went down: basically all of them.

Speaking on a panel at the World Economic Forum this week, Møller-Maersk chair Jim Hagemann Snabe detailed the awful toll of the ransomware epidemic as necessitating the reinstall “4,000 new servers, 45,000 new PCs, and 2,500 applications”. Or as Snabed described it: "a complete infrastructure."

"And that was done in a heroic effort over ten days," he said.

"Normally - I come from the IT industry - you would say that would take six months. I can only thank the employees and partners we had doing that."

Speaking from about 3:00 in the video below, Snabe said he first got word of the attack in a 4:00 AM phone call.

Youtube Video

He noted that Maersk was “probably collateral damage” in an attack designed by and for a state (Ukraine was the target: the malware was put in a malicious update to MeDoc, the country's most popular accounting software).

To recover from the attack, Snabe said the company had to revert to manual systems for the ten-day reinstall.

Given that a Maersk ship docks somewhere in the world every 15 minutes, unloading between 10,000 to 20,000 containers, it's surprising that Snabe claims the staff managed to revert to manual systems with only “a 20 per cent drop in volumes”.

The chair said people across the organisation just did the work to keep disruptions to a minimum, labeling their efforts "human resilience".

But he also warned that in the near future, as automation creates near-total reliance on digital systems, human effort won't be able to help such crises.

Noting that the internet was not designed to support the applications that now rely on it, he said "There is a need for a radical improvement of infrastructure." He called for "collaboration between companies, technology companies [and] law enforcement" to re-design the digital world.

That effort is a way off. For now Snabe plans to ensure Maersk learns from the "very significant wake-up call" that was the attack and turn its experience into a security stance that represents competitive advantage.

He also called for all businesses to stop being naïve about security, saying organisations of any size - even the mightiest - will experience disruptions if they don't take security seriously.

Maersk's own experience is that the attack it endured cost it between $250m and $300m, in line with what the company told a conference call in August 2017.

Maersk wasn't the only outfit to cop a huge NotPetya bill: pharma giant Merck was also bitten to the tune of $310m, FedEx a similar amount, while WPP and TNT were also hit but didn't detail their costs. ®