[BreachExchange] Maersk says Windows ransomware attack may cost it US$300m

Destry Winant destry at riskbasedsecurity.com
Thu Aug 17 09:38:30 EDT 2017


https://www.itwire.com/security/79500-maersk-says-windows-ransomware-attack-may-cost-it-us$300m.html

The container shipping company A.P. Moller–Maersk Group expects that a
Windows ransomware attack it suffered in June will cost it between
US$200 million and US$300 million.

In a note accompanying thge company's interim report for the second
financial quarter of 2017, chief executive Søren Skou said: "In the
last week of the quarter we were hit by a cyber attack, which mainly
impacted Maersk Line, APM Terminals and Damco.

"Business volumes were negatively affected for a couple of weeks in
July and as a consequence, our Q3 results will be impacted. We expect
that the cyber attack will impact results negatively by USD 200-300m."

Maersk is a Danish business conglomerate that operates in the
transport and logistics, and energy sectors. It has been the largest
container ship and supply vessel operator since 1996.

The ransomware attack in question was known by various names: Petya
(nomenclature given to ransomware that already exists), NotPetya,
ExPetr, Nyetya and GoldenEye.

It began in Europe and then spread to other regions, encrypting files
on Windows machines and demanding 100 bitcoin for decrypting the same.

According to CNBC, Maersk first announced on 28 June that the
ransomware could affect its earnings.

At the time it said: "We can confirm that Maersk has been hit as part
of a global cyber attack named Petya on the 27 June 2017. IT systems
are down across multiple sites and select business units.

"We have contained the issue and are working on a technical recovery
plan with key IT-partners and global cyber security agencies.

"We have shut down a number of systems to help contain the issue. At
this point our entities Maersk Oil, Maersk Drilling, Maersk Supply
Services, Maersk Tankers, Maersk Training, Svitzer and MCI are not
operationally affected. Precautionary measures have been taken to
ensure continued operations.

"Maersk Line vessels are manoeuvrable, able to communicate and crews
are safe. APM Terminals is impacted in a number of ports."

CNBC quoted the company as saying on Tuesday: "This cyber attack was a
previously unseen type of malware, and updates and patches applied to
both the Windows systems and anti-virus were not an effective
protection in this case.

"In response to this new type of malware, A.P. Moller Maersk has put
in place different and further protective measures and is continuing
to review its systems to defend against attacks."


More information about the BreachExchange mailing list