A new report alleges that APM Terminals may have had cybersecurity vulnerabilities at a Rotterdam terminal at points prior to the "Petya" attacks on June 27. The global port operator’s Maasvlakte 1 and 2 container terminals were closed for a week because the IT shutdown prevented access to records on cargo ownership and routing.
A story by Dutch news outlet Volkskrant alleges that APM's terminal operating system at Maasvlakte 2 lacked antivirus protection, penetration testing and firewall separation as late as 2015, and that warnings from security experts continued into 2016. If APM's business networks were still not separated from its terminal operating system at the time of the Petya attack last month, the malware could potentially have crossed over from APM’s business network to infect the terminal’s operations network.
APMT would not confirm Volkskrant's report. "We do not comment on speculation. Our company has many layers of firewall protection, and the latest cyberattack hit the entire system, not just Rotterdam specifically," said Thomas Boyd, communications director of APM Terminals, speaking to Berlingske Business.
Worldwide, 17 APMT terminals were affected, including shutdowns or severe slowdowns for its cargo operations at Nhava Sheva (JNPT); Mobile, Alabama; Port Elizabeth; and Port of Los Angeles. Sister company Maersk Line also suffered significant disruption to its booking systems. Maersk Group said that its other business units were not affected; it has not yet released an estimate of the economic damages it suffered in the attack.
The "Petya" ransomware attack hit large companies and organizations of all kinds, spreading on its own between networked computers around the world. It encrypted each affected computer's hard drive, then demanded a ransom of $300 in bitcoin in exchange for decryption instructions. In most cases, the sole option for removing an infection was to erase each computer's hard drive and restore data from a backup.