Shipping giant and NotPetya victim Maersk was forced to replace tens of thousands of servers and computers in the aftermath of the June 17 ransomware attack, the company's charman said in Davos at the World Economic Forum.
Maersk Chairman Jim Hagemann Snabe said while participating on a cybersecurity panel at the conference that his company replaced 45,000 PCs, 4,000 servers and install 2,500 applications. The computer system runs an operation where a ship carrying 20,000 containers enters a port every 15 minutes somewhere around the world. Overall, Maersk handles 20 percent of all world trade, he said.
“We found we had to reinstall our entire infrastructure. It was done in a heroic effort in just 10 days,” he said, adding such a job should take about six months to complete.
The massive IT undertaking along with business lost due to the almost total shutdown of the company's computer network has cost Maersk between $250 million and $300 million. During the period when the computer network was being rebuilt all transactions had to be completed manually, but Snabe said this only resulted in about a 20 percent fall off in the amount of freight being handled due to the hard work by company employees and their customers being very understanding of the situation.
Snabe also ran down a few lessons Maersk learned from the event.
“We found we were only average when it comes to cybersecurity. Now we want to become a company where our cybersecurity becomes a competitive advantage,” he said.
He also believes that the company's decision to be open about the problem, using Twitter to communicate what was taking place was a benefit and helped alleviate some of the issues associated with the attack.
In the fall of 2017 Symantec reported that 20 countries with the most organizations affected by Petya. Unsurprisingly, Ukraine was most significantly impacted, with close to 140 groups infected. The U.S. was number two, with a little more than 40 companies infected. Russia, France and the U.K. had the next highest number of infected organizations.
It is now widely accepted that the attack most likely started when hackers allegedly compromised the update server of Ukrainian accounting software company MeDoc so that it would dispense NotPetya to unsuspecting victims. Indeed, Check Point Software Technologies has reported that in May the same company is suspected was involved in the distribution of XData ransomware.