Back to the future for Maersk in the wake of Petya attack

Arguably one of the most sophisticated, IT savvy shipping companies in the world has had to work as if it had gone back in time to the mid-1990s for the past 48 hours.

In the two days since the Maersk Group was hit by the Petya ransomware attack, operations at many of its sites across the globe have returned to manual.

The group’s most recent update, issued yesterday evening Copenhagen time, stated that Maersk Line was taking bookings via box platform INTTRA while sister firm APM Terminals said most of its terminals were back up operating, albeit not all of them at normal speeds.

Statistics provided by shipping software provider CargoSmart however show that many of APM Terminals’ 78 facilities across the world have not received a vessel call in the past 48 hours. APM Terminals has not responded to questions sent by Splash today.

Reports are emerging too of how operations at Maersk offices around the world have been pared right back in the wake of the crippling attack.

Maersk Australia and New Zealand managing director Gerard Morrison said today that his unit’s phone and email systems had been deliberately shut down by the company to stop the spreading of the malware virus.

Morrison said Maersk’s New Zealand staff had been keeping operations going manually, using Microsoft Excel spreadsheets and hand written information to tell Port of Auckland and Port of Tauranga what to do with the cargo that needed to be unloaded off its ships.

The Port of Auckland revealed that it was receiving information about the imported cargo from Maersk manually through a Gmail account.

In India, meanwhile, Visakha Container Terminal has started handling Maersk Line vessels manually in the wake of the Petya attack.

“As VCTPL is expecting one of the largest vessels of Maersk Liner by Thursday morning, we have decided to dispense with electronic handling to avoid spread of the virus. We will allow despatch only after a thorough scrutiny,” VPT deputy chairman P.L. Haranadh told The Hindu.

APM Terminals’ main Indian hub in Mumbai has also been hard hit by the cyber attack.

In the US, the supply chain fallout from the attack, dubbed by one maritime tech expert as “shipping’s Y2K moment”, has been significant. APM Terminals’ facilty in Mobile, Alabama for instance, has been loading and unloading containers in manual mode, without the normal computerised coordination.

APM Terminals’ gate operations at Port Elizabeth in New Jersey are expected to remain shuttered today.

Maersk’s container partner, MSC, has said it is working with the Danish line to find ways to share data.

“We are working together to find other means to transmit data between the two companies. This includes … customs information,” MSC said in a statement, adding that it had not been hit by the attack. Splash understands that a number of other lines were infected by the Petya ransomware and is working to reveal their identities.

“It appears that shipping lines are potentially facing their own Y2K moment,” commented Jody Cleworth, CEO of software firm Marine Transport International. “The current legacy systems in the industry are simply not fit for purpose,” said the ex-Maersk employee. He reckoned this attack would speed up shipping’s adoption of blockchain technology.

“One of the particular problems for the supply chain is the large number of stakeholders involved – just one weak link can open them up to attack,” Cleworth said. “Shippers are now left dumbfounded waiting for contingencies from Maersk or seeking alternative carriers to ship on. It’s inevitable that supply chain actors will move towards blockchain and Trojan attacks like this would not have had any impact. Blockchains run in a sterile environment. The only way to get data in is through the chain – but an attack wouldn’t work, and it would also leave clues for forensic scientists.”

Another former Maersk man, Lars Jensen, who has founded CyberKeel, an organisation fighting maritime cybercrime, warned today that if Maersk could be hit so hard, other shipowners should be worried.

“Maersk is one of the few maritime companies which have publically indicated that not only do they allocate resources to cyber security, they were also one of the first major shipping companies to appoint a CISO [Chief Information Security Officer]. Hence from a resource and capability standpoint, the fact that they were so comprehensively brought down should serve as a major warning sign to the rest of the maritime industry that the level of resources and commitment needed to focus on cybersecurity should not be underestimated,” Jensen told Splash.

Sam Chambers

Starting out with the Informa Group in 2000 in Hong Kong, Sam Chambers became editor of Maritime Asia magazine as well as East Asia Editor for the world’s oldest newspaper, Lloyd’s List. In 2005 he pursued a freelance career and wrote for a variety of titles including taking on the role of Asia Editor at Seatrade magazine and China correspondent for Supply Chain Asia. His work has also appeared in The Economist, The New York Times, The Sunday Times and The International Herald Tribune.


  1. There CISO should be fired. Patch your computers already. In this day an age anything less than a month turn around is unacceptable risk. Even a month is risky.

  2. And yet in the midst of all this, there are those who continue to push ahead with the autonomous ship concept, in spite of this glaring issue. Even again today, SPLASH has an article on the autonomous ship cargo operations, the self unloading ship?

    So in very basic terms, we all recognize the maritime industry as a whole has a long way to go to ensure their internal security while still maintaining a connection to the rest pf the world. Developing a concept where a ship is driven by itself, overseen from a remote location, half way around the world, begs for a secure means to ensure this can be accomplished without fault, safely and securely, every second of the day. Without interruption.

    Not only is that NOT possible yet, it is likely NOT to be ready for prime time for a while longer. Rolls Royce and others involved with the autonomous ship concept would serve the industry best by furthering their efforts of ensuring cyber security FIRST before developing remote control of ships.

  3. Hmm… Excellent movie script here where some extremely nefarious group needs to import a container with something very bad in it, and must by-pass computer controls. Shutting down multiple companies/locations INCLUDING Maersk is a great diversion to ensure Homeland security does not get the scent.

  4. How come that such a big company has shown to be so vulnerable to Internet attacks? Where is their computer security? When they talk about finding a ” way to transmit data between companies” do they know what a VPN is?

  5. Yeah, let’s do this, fire that person and so on… Because we all know better then the specialists…

    The only thing that has been proven that, no matter what you do, it also can happen to you! Most of the time it’s a human error like opening files with e-mail or downloading some crap. You can protect yourself as much as you can, however, this ransomware (and other virus crap) is rapidly beeing developed.

    If there is a leak in, for example, Windows that is not know yet (thank you NSA and co), there might be nothing you can do about it.

    The only solution so far is to have a good backup offline that is not connected to the computer or network that is getting infected. Ofcours, you need to make sure that you have recent backup’s, otherwise it’s still a problem.

Back to top button