Within half an hour, Maersk employees were running down hallways, yelling to their colleagues to turn off computers or disconnect them from Maersk’s network before the malicious software could infect them, as it dawned on them that every minute could mean dozens or hundreds more corrupted PCs. Tech workers ran into conference rooms and unplugged machines in the middle of meetings.
Disconnecting Maersk’s entire global network took the company’s IT staff more than two panicky hours.
“That’s a degree of recklessness we can’t tolerate on the world stage.” In the year since NotPetya shook the world, WIRED has delved into the experience of one corporate goliath brought to its knees by Russia’s worm: Maersk, whose malware fiasco uniquely demonstrates the danger that cyberwar now poses to the infrastructure of the modern world.
The story of NotPetya isn’t truly about Maersk, or even about Ukraine.
It’s the story of a nation-state’s weapon of war released in a medium where national borders have no meaning, and where collateral damage travels via a cruel and unexpected logic: Where an attack aimed at Ukraine strikes Maersk, and an attack on Maersk strikes everywhere at once.
“In the history of shipping IT, no one has ever gone through such a monumental crisis.” The Untold Story of NotPetya the Most Devastating Cyberattack in History MIKE MCQUADE Several days after his screen had gone dark in a corner of Maersk’s office, Henrik Jensen was at home in his Copenhagen apartment, enjoying a brunch of poached eggs, toast, and marmalade.
Its singular purpose: to rebuild Maersk’s global network in the wake of its NotPetya meltdown.
Maersk had essentially given the UK firm a blank check to make its NotPetya problem go away, and at any given time as many as 200 Deloitte staffers were stationed in the Maidenhead office, alongside up to 400 Maersk personnel.
All computer equipment used by Maersk from before NotPetya’s outbreak had been confiscated, for fear that it might infect new systems, and signs were posted threatening disciplinary action against anyone who used it.
No one could find a backup for one crucial layer of the company’s network: its domain controllers, the servers that function as a detailed map of Maersk’s network and set the basic rules that determine which users are allowed access to which systems.
About two weeks after the attack, Maersk’s network had finally reached a point where the company could begin reissuing personal computers to the majority of staff.
Five months after Maersk had recovered from its NotPetya attack, Maersk chair Jim Hagemann Snabe sat onstage at the World Economic Forum meeting in Davos, Switzerland, and lauded the “Heroic effort” that went into the company’s IT rescue operation.
Snabe went on, Maersk has worked not only to improve its cybersecurity but also to make it a “Competitive advantage.” Indeed, in the wake of NotPetya, IT staffers say that practically every security feature they’ve asked for has been almost immediately approved.
Aside from the company’s lost business and downtime, as well as the cost of rebuilding an entire network, Maersk also reimbursed many of its customers for the expense of rerouting or storing their marooned cargo.
All told, Snabe estimated in his Davos comments, NotPetya cost Maersk between $250 million and $300 million.