Fraud Management & Cybercrime , Governance & Risk Management , Incident & Breach Response
Maersk Previews NotPetya Impact: Up to $300 MillionShipping Giant Lauded for Crisis Communications Following Malware Outbreak
Danish shipping giant A.P. Møller - Maersk faces a loss of up to $300 million as a result of the NotPetya global malware outbreak.
See Also: LIVE Webinar | Stop, Drop (a Table) & Roll: An SQL Highlight Discussion
After NotPetya infected systems at Maersk, the world's biggest shipping firm had to reroute ships and was unable to dock or unload cargo ships in dozens of ports.
"In the last week of the quarter we were hit by a cyberattack, which mainly impacted Maersk Line, APM Terminals and Damco," Maersk CEO Søren Skou, said in an interim report issued Wednesday. "Business volumes were negatively affected for a couple of weeks in July. We expect that the cyberattack will impact results negatively by $200-$300 million."
The malware known as NotPetya - aka SortaPetya, Petna, ExPetr, GoldenEye, Nyetya, Diskcoder.C - hit organizations beginning June 27. Cyber police in Ukraine, as well as such security firms as Cisco Talos, ESET, Microsoft and Symantec, have said the attacks were facilitated by a "cunning backdoor" added to widely used accounting software (see NotPetya Patient Zero: Ukrainian Accounting Software Vendor).
From there, NotPetya spread to businesses with Ukraine-based offices or business partners, in part by targeting an SMB flaw that Microsoft had patched prior to the NotPetya outbreak. But NotPetya could also spread via two legitimate Windows tools - PsExec and Windows Management Instrumentation - as well as use the open source Mimikatz tool to attempt to steal passwords from infected systems (see Ransomware Smackdown: NotPetya Not as Bad as WannaCry).
Ukraine Hit Hard
Organizations in Ukraine, including government agencies, appear to have experienced the brunt of NotPetya infections. The Ukrainian government has yet to detail in full the costs, outages or cleanup - some of which likely continues. But it has blamed the attack on Russia.
After Ukraine, Russia, Poland, Italy and Germany appeared to suffer the greatest number of related infections, according to security firm Kaspersky Lab.
Organizations around the world, however, were disrupted. They include Britain's WPP - the world's biggest advertising agency, Russian oil giant Rosneft, international law firm DLA Piper and French construction materials company Saint-Gobain.
Numerous U.S.-based organizations also reported disruptions, including snacks business Mondelez, whose brands include Oreos, Cadbury and Toblerone; pharmaceutical giant Merck; and Pennsylvania-based Heritage Valley Health System.
Maersk Lauded for Crisis Communications
Unlike some, however, Maersk has been ultra-transparent about its NotPetya disruptions and cleanup efforts. The company first warned on June 28 that it had been hit by NotPetya and has continued to issue regular updates.
Mikko Hypponen, chief research officer of Finnish security firm F-Secure, last month said Maersk exemplifies the right way to handle crisis communications. Its choice to emphasize transparency also stands in sharp contrast to how many firms, even publicly traded ones, choose to handle post-attack communications with customers or users, whether as a result of NotPetya or other incidents (see Breach Transparency Kudos to Hacked Kiosk Maker).
Crisis communication experts, take note. The Maersk case is going to be textbook material on how to do it right. #Petya https://t.co/byyg2MBLoO— Mikko Hypponen (@mikko) July 12, 2017
More Cleanup Costs Come to Light
While Maersk may be on the leading edge of communicating its NotPetya incident response efforts, further details about other organizations' disruptions and incident response efforts continue to come to light.
Last month, for example, U.S.-based FedEx reported in a U.S. Securities and Exchange Commission filing that its Netherlands-based TNT Express subsidiary was still recovering. "Our 2018 results will be negatively affected by our TNT Express integration and restructuring activities, as well as the impact of the TNT Express cyberattack," it said in the filing (see FedEx Warns NotPetya Will 'Negatively Affect' Profits).
FedEx didn't immediately respond to a request for an update on those efforts, when remediation would be complete and the estimated costs that the recovery would entail.
Nuance, a Massachusetts-based medical transcription vendor, will also see a significant financial impact from NotPetya. On July 21, Nuance reported making "significant progress in remediating systems related to the malware incident." Nevertheless, the company estimated that its third quarter revenue would be in the range of $494 million to $498 million, down from its original forecast of $509 million to $513 million, due to the malware outbreak.
Another victim was U.K.-based Reckitt Benckiser, which produces products ranging from Nurofen painkiller pills to Durex condoms. Last month, the household goods manufacturer, which reported revenue of about $12.9 billion in 2016, estimated that the NotPetya infection and remediation would result in about $129 million in lost revenue.