Ransomware: Maersk says it has learned an important lesson in its fight against NotPetya
"Protection is important, but it's just as important to make sure your recovery process is solid … Companies that really focus on these two aspects and investment will be better able to deal with future threats. said the head of IT security at shipping giant Maersk.
In June 2017, the world is rocked by a global computer attack. tens of thousands of computers have been infected by a computer program known to be called NotPetya.
This article will also interest you: How Fleury Michon almost got seen by a ransomware
A ransomware-type program, even if according to analysts, it is a Wiper, computer virus whose objective is sabotage. Several major companies around the world were affected, including shipping giant Maersk. 2 years after the event, we are trying to do a full analysis of what really happened.
"I remember that morning, laptops were restarting sporadically and it didn't seem like a cyber-attack at the time, but very quickly the real impact became obvious. Lewis Woodcock, head of cybersecurity compliance at the world's largest container shipping company, Moller-Maersk, said. "The severity for me was really felt when I was walking around the offices and seeing rows and rows of screens, all black. There was a moment of disbelief at the ferocity, speed and scale of the attack and the impact it had," he said at CYBER UK 19, a conference on computer security organised by the UK's National Cyber Security Centre (NCSC).
The attack on the shipping giant began on June 27, 2017, when the virus had already begun infecting some terminals about a week before. In practice it has been confirmed that Maersk was a collateral victim of the computer program. Based on several analyses, experts say the computer program was nothing more than a cyber weapon. A program designed to undermine the integrity of the computer systems targeted by these publishers. According to some rumors, it was the work of the Russian army that wanted to attack Ukraine, the place where the NotPetya epidemic began.
Unfortunately it is possible that the virus has escaped control and spread throughout the world. What is certain, once a computer is infected with this virus, it was literally impossible to recover the data from this terminal. the damage caused by this virus has been estimated at billions of dollars. The shipping company was one of the companies most affected by this malicious computer program. It is known that each vessel in the group carries up to 20,000 containers. That every 15 minutes one of these container ships enters a port all over the world. More than 50,000 terminals belonging to the shipping groups have been infected. Software and servers all spread over 600 sites in 130 countries were also affected by the deployment of NotPetya. This unexpected problem by the company would have cost about $300 million in losses.
Because society was on two fronts. That of continuing to function properly by performing the usual tasks but manually, and restoring its computer system. A process that took longer and was considered a "serious business interruption." ». "Much of this recovery was based on human resilience: we rebuilt our IT infrastructure over a 10-day period, during which time we did everything in our power to maintain our normal operations. Woodcock explained. "Every 15 minutes or so, a container arrives at the port; you can imagine human intervention, manual processes put in place to try to make operations work. ».
While the shipping company lost revenue, it still managed to execute the operations that were under its control at the time of the computer attack, an effort that was described by the cybersecurity compliance manager as "a turnaround effort for the entire company. »
Now access an unlimited number of passwords: