IT 'heroes' saved Maersk from NotPetya with ten-day reinstallation blitz

4,000 servers, 45,000 PCs and 2,500 apps all rebuilt, while other staff went manual

It's long been known that shipping giant Maersk suffered very badly from 2017's NotPetya malware outbreak.

Now the company's chair has detailed just how many systems went down: basically all of them.

Speaking on a panel at the World Economic Forum this week, Møller-Maersk chair Jim Hagemann Snabe detailed the awful toll of the ransomware epidemic as necessitating the reinstall “4,000 new servers, 45,000 new PCs, and 2,500 applications”. Or as Snabed described it: "a complete infrastructure."

"And that was done in a heroic effort over ten days," he said.

"Normally - I come from the IT industry - you would say that would take six months. I can only thank the employees and partners we had doing that."

Speaking from about 3:00 in the video below, Snabe said he first got word of the attack in a 4:00 AM phone call.

Youtube Video

He noted that Maersk was “probably collateral damage” in an attack designed by and for a state (Ukraine was the target: the malware was put in a malicious update to MeDoc, the country's most popular accounting software).

To recover from the attack, Snabe said the company had to revert to manual systems for the ten-day reinstall.

Given that a Maersk ship docks somewhere in the world every 15 minutes, unloading between 10,000 to 20,000 containers, it's surprising that Snabe claims the staff managed to revert to manual systems with only “a 20 per cent drop in volumes”.

The chair said people across the organisation just did the work to keep disruptions to a minimum, labeling their efforts "human resilience".

But he also warned that in the near future, as automation creates near-total reliance on digital systems, human effort won't be able to help such crises.

Noting that the internet was not designed to support the applications that now rely on it, he said "There is a need for a radical improvement of infrastructure." He called for "collaboration between companies, technology companies [and] law enforcement" to re-design the digital world.

That effort is a way off. For now Snabe plans to ensure Maersk learns from the "very significant wake-up call" that was the attack and turn its experience into a security stance that represents competitive advantage.

He also called for all businesses to stop being naïve about security, saying organisations of any size - even the mightiest - will experience disruptions if they don't take security seriously.

Maersk's own experience is that the attack it endured cost it between $250m and $300m, in line with what the company told a conference call in August 2017.

Maersk wasn't the only outfit to cop a huge NotPetya bill: pharma giant Merck was also bitten to the tune of $310m, FedEx a similar amount, while WPP and TNT were also hit but didn't detail their costs. ®

Other stories you might like

  • Snowflake stock drops as some top customers cut usage
    You might say its valuation is melting away

    IPO darling Snowflake's share price took a beating in an already bearish market for tech stocks after filing weaker than expected financial guidance amid a slowdown in orders from some of its largest customers.

    For its first quarter of fiscal 2023, ended April 30, Snowflake's revenue grew 85 percent year-on-year to $422.4 million. The company made an operating loss of $188.8 million, albeit down from $205.6 million a year ago.

    Although surpassing revenue expectations, the cloud-based data warehousing business saw its valuation tumble 16 percent in extended trading on Wednesday. Its stock price dived from $133 apiece to $117 in after-hours trading, and today is cruising back at $127. That stumble arrived amid a general tech stock sell-off some observers said was overdue.

    Continue reading
  • Amazon investors nuke proposed ethics overhaul and say yes to $212m CEO pay
    Workplace safety, labor organizing, sustainability and, um, wage 'fairness' all struck down in vote

    Amazon CEO Andy Jassy's first shareholder meeting was a rousing success for Amazon leadership and Jassy's bank account. But for activist investors intent on making Amazon more open and transparent, it was nothing short of a disaster.

    While actual voting results haven't been released yet, Amazon general counsel David Zapolsky told Reuters that stock owners voted down fifteen shareholder resolutions addressing topics including workplace safety, labor organizing, sustainability, and pay fairness. Amazon's board recommended voting no on all of the proposals.

    Jassy and the board scored additional victories in the form of shareholder approval for board appointments, executive compensation and a 20-for-1 stock split. Jassy's executive compensation package, which is tied to Amazon stock price and mostly delivered as stock awards over a multi-year period, was $212 million in 2021. 

    Continue reading
  • Confirmed: Broadcom, VMware agree to $61b merger
    Unless anyone out there can make a better offer. Oh, Elon?

    Broadcom has confirmed it intends to acquire VMware in a deal that looks set to be worth $61 billion, if it goes ahead: the agreement provides for a “go-shop” provision under which the virtualization giant may solicit alternative offers.

    Rumors of the proposed merger emerged earlier this week, amid much speculation, but neither of the companies was prepared to comment on the deal before today, when it was disclosed that the boards of directors of both organizations have unanimously approved the agreement.

    Michael Dell and Silver Lake investors, which own just over half of the outstanding shares in VMware between both, have apparently signed support agreements to vote in favor of the transaction, so long as the VMware board continues to recommend the proposed transaction with chip designer Broadcom.

    Continue reading

Biting the hand that feeds IT © 1998–2022