NotPetya ransomware attack cost us $300m – shipping giant Maersk
IT crippled so badly firm relied on WhatsApp
The world's largest container shipping biz has revealed the losses it suffered after getting hit by the NotPetya ransomware outbreak, and the results aren't pretty.
The malware surfaced in Ukraine in June after being spread by a malicious update to MeDoc, the country's most popular accounting software. Maersk picked up an infection that hooked into its global network and shut down the shipping company, forcing it to halt operations at 76 port terminals around the world.
"In the last week of the quarter we were hit by a cyber-attack, which mainly impacted Maersk Line, APM Terminals and Damco," CEO Soren Skou said in a statement today.
"Business volumes were negatively affected for a couple of weeks in July and as a consequence, our Q3 results will be impacted. We expect that the cyber-attack will impact results negatively by USD 200-300m."
Admittedly Maersk is massive – it's responsible for around 15 per cent of the world's entire shipping network – but that kind of financial damage is close to a record for such an attack. Then again, the company's entire network was down for days, Skou told the Financial Times.
“It was frankly quite a shocking experience,” said Skou. “Your email goes down, all your address system. We ended up having to use WhatsApp on our private phones. Most business problems, you will have an intuitive idea on what to do. But with this and my skills, I had no intuitive idea on how to move forward.”
Skou said that he decided to take personal charge of the situation, sitting in on IT meetings and getting daily updates on the malware's progress. He says he learned that there was nothing that could have been done to stop the attack, but he wants to strengthen the company's systems against further attacks.
Maersk wasn't the only multinational to be hit by NotPetya. WPP, the world's largest advertising agency, also took a major hit, as did deliveries firm TNT. While the latter biz hasn’t responded to requests for comment it's understood to have taken weeks to sort out its infection with a permanent loss of data. ®