Maersk issues update on cyber attack

The world’s largest container line is one of many companies and organizations that have reported being hit by a cyber attack this week.    The A.P. Moller-Maersk Group was one of several international companies hit by a so-called “Petya” cyber attack on Tuesday, affecting the company’s liner shipping and terminal operations.
   Petya is reportedly a ransomware attack, in which victims are ordered to pay money to restore access to their system. Infected computers with this latest attack receive a message demanding a Bitcoin ransom worth $300, multiple media sources have reported.
   Maersk issued a notice today confirming that some of its IT and communications infrastructure had been impacted and it has shut down as a security measure.
   “At the present time, we are unfortunately unable to serve new quotes or accept future bookings,” Maersk said.
   The carrier also reported that all immediate vessel operations will continue as planned, making the majority of scheduled port calls, while cargo in transit will be offloaded as planned, with import cargo being released to credit customers. Although access to most ports is not impacted, some APM Terminals (APMT) are affected and gates are closed.
   The Port Authority of New York & New Jersey issued a notice this morning saying that APMT Elizabeth is working to resolve the attack, which has impacted telephone lines and email channels. APMT Elizabeth continues to work vessels, but gate operations are closed today. It is unclear whether the terminal’s gate operations will be opened tomorrow.
   Mediterranean Shipping Co. (MSC), Maersk Line’s partner in the 2M Alliance vessel sharing agreement on major east-west trades, issued a notice today saying its systems and business operations are working normally and bookings can be placed as usual.
   MSC said it is working with Maersk “to find other means to transmit data between the two companies,” including vessel bayplans, load lists and customs information.
   “If necessary, the 2M partners are prepared to divert ships away from terminals which are not currently operating as a result of the attack,” MSC added. “MSC operates 53 terminals around the world, which are fully available to 2M vessels to load and unload cargo with minimal delay.”
   Lars Jensen, CEO of maritime cyber security consultant Cyberkeel and CEO at SeaIntelligence Consulting, said in an article on LinkedIn that Maersk Line ships nearly 3,300 TEUs per hour, generating a revenue stream of $2.9 million per hour. For the first 20 hours alone since the start of the attack, this added up to roughly 66,000 TEUs and $59 million.
   Although this does not mean Maersk lost this level of business, as likely a number of customers will simply postpone their bookings for a little while, the longer the outage lasts, the more customers will start to shift their cargo volumes to other carriers, Jensen explained.
   He said that at the time of writing his post, it was unknown how long it would take Maersk to get back online.
   “We do not presently have information as to how Maersk was infected, nor the status of their cyber defenses prior to the attack,” he said.
   The maritime industry’s vulnerability to cyber attacks is a topic that has been covered extensively at CyberKeel since 2013, Jensen said.
   “We have specifically warned repeatedly against the likelihood of ransomware (and similar) attacks,” he said. “A key component in the cyber defense for such attacks is having a solid plan for reinstalling everything from back-up.”
   Netherlands-based shipping company TNT Express, now a subsidiary of FedEx, also said it was experiencing system interference following a global cyber attack, however, it did not specify whether or not it was related to the Petya attack.
   “Like many other companies and institutions around the world, we are experiencing interference with some of our systems within the TNT network,” the company said. “We are assessing the situation and are implementing remediation steps as quickly as possible.”
   Various other companies and organizations have also reported being hit by cyber attacks, Reuters said Tuesday. Some of the most notable included the world’s largest advertising company, WPP, which said computer systems within several of its agencies had been hit by a suspected cyber attack; pharmaceutical company Merck & Co.; Russian banks; Ukrainian banks and power grids; the Boryspil International Airport in the Ukraine; and Deutsche Post’s express division’s systems in the Ukraine.