Maersk Fights Against ‘Petya’ Cyber Attack Damage


Maersk is working with MSC to mitigate the damage caused by the ‘Petya’ malware after congestion was caused at some of the 76 terminals run by its APMT business arm in the US, India, Spain and the Netherlands.

The world's largest container shipping company confirmed that the threat had been contained yesterday (June 28, 2017), but APMT terminals still had to manually process containers due to IT systems still being affected by the cyber attack that targeted computers across the world on Tuesday (June 27, 2017).

Maersk has since released an update stating that it is accepting bookings again through the INTTRA platform (below).

MSC said in a statement that it was trying to find ways to transmit data such as vessel bayplans, load lists, and customs information between the two companies as it had not been hit by the attack.

Maersk is in an alliance partnership with MSC called 2M that combines the companies’ fleets and terminals in order to utilise container space on board ships.

MSC said on its website: “At this time, we would like to reassure all our customers that MSC’s systems and business operations are working normally and bookings can be placed as usual.

“If necessary, the 2M partners are prepared to divert ships away from terminals which are not currently operating as a result of the attack.

“MSC operates 53 terminals around the world which are fully available to 2M vessels to load and unload cargo with minimal delay.”

Maersk Line Chief Commercial Officer Vincent Clerc told Reuters that the impact on vessels or cargo could “maybe” last until today (June 29, 2017).

Clerc added that delays could not be avoided but declined to say how widespread they were.

He also confirmed that, due to limited access to some of its computer systems, Maersk also has problems processing orders taken just before the breakdown.



Read PTI's technical papers on cyber security

Maersk has not yet confirmed when it expects its business to return to normal or what the economic impact may be.

Analysis of the encryption routine by cyber security giant Kaspersky revealed that the attack, which targeted 2,000 systems belonging to different companies across the world, can’t be decrypted. 

Kaspersky stated in a blog post: “It appears this malware campaign was designed as a wiper pretending to be ransomware.

“The criminals behind this attack are asking for $300 in Bitcoins to deliver the key that decrypts the ransomed data, payable to a unified Bitcoin account.

“Unlike Wannacry, this technique would work because the attackers are asking the victims to send their wallet numbers by e-mail to “”, thus confirming the transactions.

“We have seen reports this email account has already been shut down, effectively making the full chain decryption for existing victims impossible at this time.”

The impact to Maersk sustained in the first 20 hours was estimated to be approximately US$2.9 million per hour in a blog post by industry expert Lars Jensen, CEO, Partner at SeaIntelligence Consulting.

He stated: “In the 20 hours which has gone since the attack, this adds up to 66.000 TEU and $59 million.

“This does not mean that Maersk has lost this level of business, as likely a number of customers will simply postpone their bookings a little while – but the keyword is “a little while”.

“The longer the outage lasts, the more of these customers will start to shift their cargo volumes to other carriers.

“Time is therefore of the essence in terms of getting systems restored following a cyber attack.

“A key component in the cyber defense for such attacks is having a solid plan for re-installing everything from back-up… how quickly Maersk will get back online is at the time of writing this unknown.”

Daily Email Newsletter

Sign up to our daily email newsletter to receive the latest news from Port Technology International.

Supplier Directory

Find out how to get listed

Webinar Series

Find out how to attend

Latest Stories

Cookie Policy. This website uses cookies to ensure you get the best experience on our website.