Arguably one of the most sophisticated, IT savvy shipping companies in the world has had to work as if it had gone back in time to the mid-1990s for the past 48 hours.
In the two days since the Maersk Group was hit by the Petya ransomware attack, operations at many of its sites across the globe have returned to manual.
The group’s most recent update, issued yesterday evening Copenhagen time, stated that Maersk Line was taking bookings via box platform INTTRA while sister firm APM Terminals said most of its terminals were back up operating, albeit not all of them at normal speeds.
Statistics provided by shipping software provider CargoSmart however show that many of APM Terminals’ 78 facilities across the world have not received a vessel call in the past 48 hours. APM Terminals has not responded to questions sent by Splash today.
Reports are emerging too of how operations at Maersk offices around the world have been pared right back in the wake of the crippling attack.
Maersk Australia and New Zealand managing director Gerard Morrison said today that his unit’s phone and email systems had been deliberately shut down by the company to stop the spreading of the malware virus.
Morrison said Maersk’s New Zealand staff had been keeping operations going manually, using Microsoft Excel spreadsheets and hand written information to tell Port of Auckland and Port of Tauranga what to do with the cargo that needed to be unloaded off its ships.
The Port of Auckland revealed that it was receiving information about the imported cargo from Maersk manually through a Gmail account.
In India, meanwhile, Visakha Container Terminal has started handling Maersk Line vessels manually in the wake of the Petya attack.
“As VCTPL is expecting one of the largest vessels of Maersk Liner by Thursday morning, we have decided to dispense with electronic handling to avoid spread of the virus. We will allow despatch only after a thorough scrutiny,” VPT deputy chairman P.L. Haranadh told The Hindu.
APM Terminals’ main Indian hub in Mumbai has also been hard hit by the cyber attack.
In the US, the supply chain fallout from the attack, dubbed by one maritime tech expert as “shipping’s Y2K moment”, has been significant. APM Terminals’ facilty in Mobile, Alabama for instance, has been loading and unloading containers in manual mode, without the normal computerised coordination.
APM Terminals’ gate operations at Port Elizabeth in New Jersey are expected to remain shuttered today.
Maersk’s container partner, MSC, has said it is working with the Danish line to find ways to share data.
“We are working together to find other means to transmit data between the two companies. This includes … customs information,” MSC said in a statement, adding that it had not been hit by the attack. Splash understands that a number of other lines were infected by the Petya ransomware and is working to reveal their identities.
“It appears that shipping lines are potentially facing their own Y2K moment,” commented Jody Cleworth, CEO of software firm Marine Transport International. “The current legacy systems in the industry are simply not fit for purpose,” said the ex-Maersk employee. He reckoned this attack would speed up shipping’s adoption of blockchain technology.
“One of the particular problems for the supply chain is the large number of stakeholders involved – just one weak link can open them up to attack,” Cleworth said. “Shippers are now left dumbfounded waiting for contingencies from Maersk or seeking alternative carriers to ship on. It’s inevitable that supply chain actors will move towards blockchain and Trojan attacks like this would not have had any impact. Blockchains run in a sterile environment. The only way to get data in is through the chain – but an attack wouldn’t work, and it would also leave clues for forensic scientists.”
Another former Maersk man, Lars Jensen, who has founded CyberKeel, an organisation fighting maritime cybercrime, warned today that if Maersk could be hit so hard, other shipowners should be worried.
“Maersk is one of the few maritime companies which have publically indicated that not only do they allocate resources to cyber security, they were also one of the first major shipping companies to appoint a CISO [Chief Information Security Officer]. Hence from a resource and capability standpoint, the fact that they were so comprehensively brought down should serve as a major warning sign to the rest of the maritime industry that the level of resources and commitment needed to focus on cybersecurity should not be underestimated,” Jensen told Splash.