Maersk Admits NotPetya Might Cost it $300m

Danish shipping giant Maersk has revealed that a recent ‘ransomware’ attack on its systems may have cost the company as much as $300m, highlighting the importance of effective cybersecurity.

The multi-national firm was hit in the NotPetya attacks at the end of June, which the Ukrainian security services has blamed on the Kremlin.

“In the last week of the quarter we were hit by a cyber-attack, which mainly impacted Maersk Line, APM Terminals and Damco,” said Søren Skou, CEO of A.P. Moller – Maersk, in a statement this week.

“Business volumes were negatively affected for a couple of weeks in July and as a consequence, our Q3 results will be impacted. We expect the cyber-attack will impact results negatively by USD 200-300m.”   

The ransomware caused “significant business impact especially within the container business”, according to the firm.

The revelations highlight the high financial stakes of getting cybersecurity right in a modern organization.

Petya/NotPetya is now believed to have been an attempt to cause destruction and chaos among Ukrainian businesses, landing as it did a day before the country’s Constitution Day.

Although disguised as ransomware, with a classic payment screen flashed up to victims, there was actually no way for the perpetrators to provide a decryption key, according to Eset.

In fact, the code was designed to modify a target machine’s Master Boot Record in a way that made it completely unrecoverable, the researchers said.

The attack was originally intended to destabilize the Ukraine, according to the SBU.

However, it appears as if it managed to spread outside the country via the VPNs of infected multi-nationals which had operations in the country.

Maersk is certainly one of those, but it wasn’t alone. International law firm DLA Piper, German drug maker Merck and British Nurofen manufacturer Reckitt Benckiser were also affected.

The latter said it might suffer a revenue hit of up to £100m.

What’s Hot on Infosecurity Magazine?