Shipping giant and NotPetya victim Maersk was forced to replace tens of thousands of servers and computers in the aftermath of the 17 June ransomware attack, the company's chairman said in Davos at the World Economic Forum.
Maersk chairman Jim Hagemann Snabe said while participating on a cyber-security panel at the conference that his company replaced 45,000 PCs, 4,000 servers and installed 2,500 applications. The computer system runs an operation where a ship carrying 20,000 containers enters a port every 15 minutes somewhere around the world. Overall, Maersk handles 20 percent of all world trade, he said.
“We found we had to reinstall our entire infrastructure. It was done in a heroic effort in just 10 days,” he said, adding such a job should take about six months to complete.
The massive IT undertaking along with business lost due to the almost total shutdown of the company's computer network has cost Maersk between US$ 250 million (£201 million) and US$ 300 million (£241 million). During the period when the computer network was being rebuilt all transactions had to be completed manually, but Snabe said this only resulted in about a 20 percent fall off in the amount of freight being handled due to the hard work by company employees and their customers being very understanding of the situation.
Snabe also ran down a few lessons Maersk learned from the event.
“We found we were only average when it comes to cyber-security. Now we want to become a company where our cyber-security becomes a competitive advantage,” he said.
He also believes that the company's decision to be open about the problem, using Twitter to communicate what was taking place was a benefit and helped alleviate some of the issues associated with the attack.
In autumn 2017 Symantec reported the 20 countries with the most organisations affected by Petya. Unsurprisingly, Ukraine was most significantly impacted, with close to 140 groups infected. The US was number two, with a little more than 40 companies infected. Russia, France and the UK had the next highest number of infected organisations.
It is now widely accepted that the attack most likely started when hackers allegedly compromised the update server of Ukrainian accounting software company MeDoc so that it would dispense NotPetya to unsuspecting victims. Indeed, Check Point Software Technologies has reported that in May the same company that is suspected was involved in the distribution of XData ransomware.