Modest savings on security cost billions in remediation after NotPetya
The 2017 hack of the shipping company A.P. Møller-Maersk, which manages 800 seafaring vessels and 76 ports that handle nearly a fifth of the world's shipping capacity, required an emergency shutdown of the company's entire IT system, including its phones. Maersk was a victim of NotPetya, the most vicious cyberweapon released to date, created by a group of Russian military hackers and intended to hit the Ukraine, where it hit hospitals, power companies, airports, government agencies, banks, and ATM and card payment systems. NotPetya relied on the EternalBlue penetration tool created by the US National Security Agency and leaked earlier in the year and Mimikatz, a Windows password vulnerability discovered in 2011, and was designed to be destructive, encrypting computers' master boot records, and corrupting their contents. Besides Maersk, the attack reached FedExt's TNT subsidiary, Merck, and many others for an estimated $10 billion in damages. It took ten days for Maersk to rebuild its network and two weeks to begin reissuing computers to its staff, who spent the interim working with paper documents and taking bookings via personal email accounts, WhatsApp, and spreadsheets. In the aftermath, security staffers noted that some of the company's servers were still running Windows 2000; that in some cases software patching was inadequate; and that its network was insufficiently segmented, which allowed NotPetya to spread. All of these were elements of a revamp security staff requested in 2016 but that was not implemented. Maersk estimated its direct costs at $250 to $300 million; companies and truckers in its supply chain also lost in the tens of millions of dollars.
Writer: Andy Greenberg