Last June, the Petya ransomware attack, later referred to as NotPetya in some circles, impacted a myriad of countries, industries, and individuals. Danish container firm Maersk was one of countless businesses stymied by this global cyberattack and the most visible victim within the maritime industry.
Remember why the impact of Petya was so devastating? While it originated in Ukraine, Petya specifically exploited vulnerabilities within unpatched systems and networks and expanded rapidly to bring down IT systems around the world. The cyberattack spread a version of the Petya ransomware modified with a leaked NSA exploit, the same EternalBlue Windows flaw from the WannaCry ransomware attack. Unlike WannaCry, researchers have suggested that those behind Petya were not interested in charging ransoms but rather in wiping data.
While “no data breach or data loss to third-parties” occurred, Maersk operations were certainly impacted. It immediately shut down infected networks to contain the malware and prevent its spread. While Maersk’s three container-related businesses were taken offline, its energy and other businesses continued operating as normal. Nonetheless, this precautionary measure resulted in what the company described as “significant business interruption during the shutdown period”. The impact also wreaked havoc in the international trade industry and throughout businesses worldwide. Maersk estimated in its second quarter financial report that the company would lose up to $300 million in revenues.
Speaking at the World Economic Forum in January, Maersk chairman Jim Haggeman Snabe recounted the enormous effort to recover from Petya. “Imagine a company where you have a ship that comes into a port every 15 minutes and for 10 days and you have no IT. It’s almost impossible to even imagine,” he said. Maersk had to reinstall its entire infrastructure, installing 4,000 new servers, 45,000 new PCs, 2,500 applications in just 10 days. With the incident in the rear view, Snabe said Maersk drew important lessons from the incident, including the pitfalls of management being “naive” about cybersecurity. “This was a very significant wake up call for AP Moeller Maersk. We could say a very expensive one… Yet I argue that it was a very important wake-up call,” he said.
Lars Jenson of SeaIntelligence Consulting has warned that weak security is endemic in the shipping industry, noting that some 44 percent of carriers show signs of low levels of cybersecurity related to very basic elements, such as patching. Petya certainly showed the scale and damage a computer virus can unleash in a short amount of time, especially against a technology dependent and inter-connected industry like maritime.
This anniversary reminds us that the maritime industry needs to be better equipped to face the next cyberattack, whether globally, like Petya, or specifically targeted at individual organizations. To do so, maritime organizations must implement the proper security and access control measures to ensure sensitive data does not end up in the wrong hands leading to system and network compromise. Additionally, when attacked, maritime and port organizations must be prepared to respond to cyber-attacks and have contingency plans in place to minimize the disruption to operations and commerce.
Gnostech continues to educate maritime organizations with our maritime cybersecurity blog and provide a more in-depth technical information with our monthly SafeHarbor Brief newsletter. Gnostech will continue to expand our cybersecurity solutions and services to mitigate risk and protect maritime systems and data. Our objective is to do our part in helping the maritime and port communities maintain uninterrupted global trade and commerce.
About Gnostech Inc.:
Gnostech Inc. is an applied engineering and consulting company with expertise in information assurance and cybersecurity engineering, and major combat and space systems development and integration. For more information, visit www.gnostech.com or stay connected by following us on LinkedIn or @GnostechInc in Twitter.