NotPetya attack: Maersk reinstalled 45,000 PCs, 2,500 apps & 4,000 servers

Young Asian male frustrated, confused and headache by Petya or Petrwrap ransomware attack on desktop screen, notebook and smartphone, cyber attack and internet security concepts

On June 27th, 2017, a dangerous ransomware attack called Petya hit businesses all over Europe, including Denmark based transport and logistics conglomerate Maersk group, which suffered a cyber attack from hackers who used a modified version of Petya called NotPetya. The attack was so massive that Maersk suffered a million of dollars loss, while its cyberinfrastructure was shut down making it impossible for the company to operate.

Maersk is back

However, during the ongoing World Economic Forum in Davos Maersk Chairman Jim Hagemann Snabe revealed some in-depth details on NotPetya attack on the company according to which the company had to go through a complete overhaul of its system by reinstalling its “entire infrastructure including 45,000 PCs, 2,500 applications, and 4,000 servers in a “10 days heroic effort”

More: How To Prevent Growing Issue of Encryption Based Malware (Ransomware)

“Normally I come from an IT background you will see it will take 6 months but it took 10 days and heroic effort and I can only thank the employees and partners we had on doing that,” said Hagemann. “Imagine a company where a ship with 10 to 20 thousand containers is entering a port every 15 minutes, and for 10 days, you have no IT – It’s almost impossible to even imagine.”

Hagemann further said that the company is now working on keeping its cyberinfrastructure secure since “We were basically average when it came to cybersecurity, like many companies.”

The screenshot shows the infected device showing Petya ransom note – Initially, the Petya attack was called GoldenEye.

Remember, like WannaCry ransomware attack, Petya also used EternalBlue exploit stolen and leaked by ShadowBrokers from the US National Security Agency (NSA). The exploit was developed to target Windows-based devices by the agency, however, after getting leaked hackers used it in Petya campaign that spread through 130 countries and affected more than 90,000 people.

FedEx, another victim of Petya

The US-based globally operating delivery firm FedEx said in July 2017, that its subsidiary company TNT Express was still suffering the aftermath of Petya attack. FedEx also published its 10-K filing at the same time when world’s insurance giant Lloyd’s issued a report on the possibility of losses worth $121.4 bn worldwide due to a well-planned cyber-attack.

New ransomware with cryptocurrency as bait

Thanks to the sudden surge in Bitcoin’s price, a few days ago, researchers discovered another ransomware campaign that uses cryptocurrency as bait to target innocent users. The campaign works in such a way that it claims to introduce a profitable new cryptocurrency called SpriteCoin and its Blockchain setup.

However, in reality, SpriteCoin does not exist while its setup does not install Blockchain but infects the device with a malware that locks files and asks users for ransom in Monero cryptocurrency. Once the user pays ransom the malware further infects the device another malware that spies on the victim.

Keep a backup

If you are an Internet user, you can be the next victim of ransomware attack, therefore, keep a backup of your data so that you are not forced to pay ransom to cybercriminals. Also, keep your device updated and use an anti-virus software at all times.

Watch Hagemann’s talk on NonPetya in World Economic Forum

Image credit: DepositPhotos/Zephyr18

Related Posts