Dive Brief:
- Following last June's global wiper cyberattack Nyetya, also known as NotPetya, shipping giant Maersk was forced to reinstall more than 4,000 servers, 45,000 PCs and 2,500 applications in just 10 days, according to Jim Hagemann Snabe, chairman of Maersk, reports Bleeping Computer.
- "We basically had to reinstall an entire infrastructure," said Snabe, speaking on a panel at the World Economic Forum in Davos, Switzerland last week. The process of reconstructing such massive infrastructure would normally take at least six months, he said.
- During that time, Maersk was operating essentially without IT and experienced "a 20% drop in volume," according to Snabe.
Dive Insight:
Nyetya, a variant of the ransomware Petya which originated from a hacked Ukrainian website and spread through a false Windows update, struck late last June.
Nyetya spread quickly through the EternalBlue exploit, which was also the tool used in May's WannaCry attack. However, unlike WannaCry, Nyetya was only disguised as ransomware. The malware was a wiper, and researchers concluded that impacted users would not be able to regain their lost data.
Because Nyetya was designed to "spread fast and cause damage," according to researchers, victims were left with little recourse. Nyetya ultimately cost Maersk between $250 million and $300 million.
From the time of the attack to mid-August, the company had to effectively shut down various global Maersk Group operations. As a result, Maersk's customers were "diverting their bookings" during the initial two-week outbreak, which cost the company a 2.5% decline in Maersk Line volumes.
Rebuilding an entire technical infrastructure in just 10 days speaks volumes about Maersk's IT workforce. Still, with a proper foundation in cybersecurity, companies are less likely to feel the impact of a global cyberattack.
Enforcing stricter authorization could also help save a company from massive destruction. After all, one of the ways Nyetya was able to spread so quickly was by automatically stealing company credentials once the code was released.