New details emerged Wednesday on the extent of the “Petya” ransomware attack on A.P. Moller-Maersk (Maersk Group), one of the world's most prominent maritime conglomerates. The attack has affected Maersk's container bookings and its terminal operations, with as-yet-unknown implications for the firm's revenue.
In an update posted at 1045 hours GMT, Maersk said that the attack has been contained, but that it has been forced to shut down multiple systems in order to prevent the “Petya” malware from spreading. The firm said that it has not lost any data, and the majority of its business units – Maersk Oil, Maersk Drilling, Maersk Supply Services, Maersk Tankers, Maersk Training, Svitzer and MCI – have not been "operationally affected."
However, two of its biggest businesses – top container carrier Maersk Line and leading port operator APM Terminals – have suffered worldwide effects. Maersk Line was unable to accept new electronic bookings for cargo beginning late Tuesday, and its enterprise systems are not yet fully back up.
In an update Wednesday, Maersk Line said that it has resumed accepting electronic bookings via the INTTRA shipping portal (for customers with existing accounts). INTTRA posted an advisory indicating that it maintained continuity of service for customers making Maersk bookings, including during the period when Maersk’s own systems were down. “INTTRA continues to accept and process Maersk booking requests in the usual manner and Maersk confirmations will be sent when Maersk IT systems restore normal operations,” the firm said. In addition, the firm reported that “existing loading lists have not been impacted and are currently up to date,” and that most ports continue normal loading operations for Maersk cargo.
Maersk’s own terminal operations have not been so fortunate. Its APM Terminals division has reportedly suffered from the effects of the attack at 17 ports worldwide, including shutdowns or severe slowdowns for cargo operations at Nhava Sheva (JNPT), Rotterdam, Mobile (Alabama), Port Elizabeth and Port of Los Angeles. At Nhava Sheva, port officials have reportedly been setting aside extra storage space for export containers that have been temporarily stranded by APM's inability to access booking data. At Port of Los Angeles, APM's Pier 400 – the port's largest container terminal – was closed to inbound truckers on Wednesday.
Maersk Group said that the attack has not affected the safety of its vessels, which remain maneuverable and able to communicate. The firm did not specify whether any shipboard IT systems have been infected with the ransomware.
Ransom isn't the biggest problem with ransomware
The "Petya" ransomware (known in cybersecurity circles as "NotPetya," as it mimics the appearance of an earlier malware program of the same name) spreads on its own between networked computers, speeding its assault on large organizations. It encrypts each computer's hard drive, then demands a ransom of $300 in bitcoin in exchange for decryption instructions. Bitcoin payments can be accurately tracked, and security experts said Wednesday that only about 30 people worldwide have paid. Whether or not they made a payment, they may never get their data back, as the contact email address for the hackers has been blocked.
This raises questions about the true purpose of the hack. Experts say that the real economic damage from the "Petya" attack stems not from the ransom, but from the way it forces companies to take down their own business IT systems in order to prevent the malware from spreading. In this sense, it mirrors the “WannaCry” ransomware attack last month, which caused gridlock at FedEx, the UK’s National Health Service, Spanish telecom firm Telefonica and others.
These attacks have significant implications for all industries, but especially for global operators like maritime firms. “This event has sent shock waves through the supply chain, causing all parties to reevaluate their cyber security defenses,” said John McLaurin, president of the Pacific Merchant Shipping Association, speaking to the Long Beach Press-Telegram.