Shipping firm Maersk rebuilt its entire infrastructure in just ten days in order to recover from the NotPetya malware epidemic, the company has revealed.
Speaking at a panel as part of this week's World Economic Forum in Davos, the chairman of the logistics group Jim Hagemann Snabe said that the malware outbreak necessitated a full reinstallation of vast numbers of systems and applications.
"We basically found that we had to reinstall our entire infrastructure," he said. "We had to install 4,000 new servers, 45,000 new PCs and 2,500 applications - and that was done in a heroic effort over ten days."
"Normally - I come from the IT industry - you would say that would take six months; it took ten days. A heroic effort, and I can only thank the employees and partners we had on doing that."
The incident, he said, was "an important wake-up call". The company learned a number of important lessons, including the fact that Maersk was "basically average" when it came to cybersecurity. The company now has a plan to improve its security capabilities and transform them into a business asset, rather than a potential liability.
Snabe also spoke of the value of openness and collaboration in the area of cybersecurity, noting that what happened to Maersk can happen to other companies, and that a greater understanding of the problem is required.
The NotPetya outbreak had a huge impact on Maersk - the firm apparently lost between $250m and $300m as a direct result of the attack, and was forced to conduct its business manually without the aid of IT systems while the damage was repaired. Impressively, the company only saw a drop of around 20% in volume despite this.
-
Prolific ransomware operator added to Europe’s Most Wanted list as US dangles $10 million rewardNews The US Department of Justice is offering a reward of up to $10 million for information leading to the arrest of Volodymyr Viktorovych Tymoshchuk, an alleged ransomware criminal.
-
Jaguar Land Rover “did the right thing” shutting down systems to thwart cyber attackNews The attack on Jaguar Land Rover highlights the growing attractiveness of the automotive sector
-
Ransomware attack on IT supplier disrupts hundreds of Swedish municipalitiesNews The attack on IT systems supplier Miljödata has impacted public sector services across the country
-
A notorious hacker group is ramping up cloud-based ransomware attacksNews The Storm-0501 threat group is refining its tactics, according to Microsoft, shifting away from traditional endpoint-based attacks and toward cloud-based ransomware.
-
Security researchers have just identified what could be the first ‘AI-powered’ ransomware strain – and it uses OpenAI’s gpt-oss-20b modelNews Using OpenAI's gpt-oss:20b model, ‘PromptLock’ generates malicious Lua scripts via the Ollama API.
-
Data I/O shuts down systems in wake of ransomware attack
News Regulatory filings by Data I/O suggest the costs of dealing with the attack could be significant
-
Average ransom payment doubles in a single quarterNews Targeted social engineering and data exfiltration have become the biggest tactics as three major ransomware groups dominate
-
BlackSuit ransomware gang taken down in latest law enforcement sting – but members have already formed a new groupNews The notorious gang has seen its servers taken down and bitcoin seized, but may have morphed into a new group called Chaos
