LovePhy - stock.adobe.com

Danish shipping giant Maersk recovering from major Petya cyber attack

Company confirms attack took down its IT system across multiple sites and business units, but has now been contained

Danish shipping and transport giant AP Møller-Maersk, which handles one out of seven containers shipped worldwide, was one of the companies hardest hit by the latest major ransomware outbreak, widely known as Petya or NotPetya.

Møller-Maersk confirmed on Tuesday 27 June that its IT system was down across multiple sites and business units. The company later said the attack had been contained and its container shipment arm Maersk Line could receive bookings again, despite some systems still being affected. 

“A number of IT systems are shut down across multiple sites and select business units, also impacting email systems,” Maersk said in a statement. “Business continuity plans are being implemented and prioritised.”

The company said it was collaborating with IT experts and cyber crime agencies to reinstate services safely.

Maersk is not currently giving details about the number of sites and locations affected by the attack, but said all Maersk Line vessels are under control. Maersk Line’s chief commercial officer, Vincent Clerc, told Reuters on Wednesday 28 June that no data had been lost through the cyber attack.

Clerc also confirmed that the attack had caused congestion at some of the 76 ports run by Maersk’s port operator arm, APM Terminals, including ports in Denmark, India, Spain, the US and Netherlands. In a statement issued on Wednesday evening, Maersk said most terminals were operational, although operational speed and functionality might be reduced.

Maersk has yet to say when operations will return to normal or disclose the total business impact of the cyber attack.

Read more about Petya

The company updated its statement late on Thursday to say it was cautiously working towards technical recovery. 

Petya works by encrypting files on infected computers and demanding bitcoin in exchange for an encryption key to restore the systems. Its name comes from the Petay strain of ransomware, although researchers at Kaspersky Lab have suggested the current attack comes from a new ransomware, dubbing it NotPetya.

On Tuesday, Kaspersky estimated that the ransomware had hit about 2,000 users, particularly in Russia and Ukraine, while incidents were recorded in many other countries, including Germany, France, Poland, the UK and the US.

Among high-profile companies affected by the outbreak were advertising giant WPP, global law firm DLA Piper, US-based healthcare provider Heritage Valley Health Systems and several banks in Russia and Ukraine.

Following the Maersk incident, Denmark’s Centre for Cyber Security reported that Danish authorities and companies had not been widely affected by the attack, but the situation remained under review.

Read more on Hackers and cybercrime prevention