News / Maersk booking and port operations hit by cyber attack as hackers demand ransom

28/06/2017

Maersk Line is today unable to take bookings following yesterday’s Petya ransomware cyber attack, in what has been called “shipping’s Y2K moment”.

While all vessel operations will continue, making “the majority” of port calls, the shipping line says it has “shut down” IT and communications infrastructure as a security measure.

Maersk said: “Access to most ports is not impacted, however some APM Terminals are affected and gates are closed. Cargo in transit will be offloaded as planned. Import cargo will be released to credit customers.”

Petya is thought to have disrupted 17 of APMT’s terminals, including Los Angeles, Rotterdam and Jawaharlal Nehru Port Trust in Mumbai, leading to some confusion and congestion. APMT was unavailable for comment.

TNT Express is also said to be a victim, suffering some warehouse operation issues.

Fear of cyber attacks has grown recently in the logistics industry. It rose to sixth on the list of the World Economic Forum’s Global Risks Report 2017, after entering the list in 2014.

Jody Cleworth, CEO of blockchain-based forwarder Marine Transport International, said: “We are facing our Y2K moment. It shows that legacy systems are outdated and simply no longer fit for purpose.”

One of the particular problems for the supply chain is the large number of stakeholders involved – just one weak link can open them up to attack.

However, this threat can be eliminated by using blockchain, a global distributed ledger, currently being examined by Maersk.

“It is open to anyone, where anything of value like money, containers, bills of lading, location and routing information, are stored and managed securely and privately,” Martyn Walker, of Agility Sciences, told The Loadstar.

“Trust is established through mass collaboration and code, rather than by powerful intermediaries like governments, banks and corporations.

“A Trojan attack like this would not have had any impact. Blockchain runs in a sterile environment. The only way to get data in is through the chain – but an attack wouldn’t work, and it would also leave clues for forensic scientists.”

Lars Jensen, CEO of SeaIntelligence Consulting and CyberKeel, warned the industry of the threat last year.

“The industry is in very poor shape when it comes to cyber security. It needs awareness among senior management – this is not an IT issue. Firewalls and anti-virus software will not keep out dedicated attacks. If you think you haven’t been hacked – you are wrong.”

Meanwhile Maersk partner MSC felt obliged to put its own note out to customers, reassuring them that all its systems and business operations are working normally.

It said it was offering “full support” to Maersk and they were “working together to find other means to transmit data between the two companies. This includes information such as vessel bayplans, load lists, and customs information”.

It added: “If necessary, the 2M partners are prepared to divert ships from terminals which are not currently operating as a result of the attack.”

Mr Jensen also warned ports and terminals that they were likely to be in the vanguard of cyber attacks. Yesterday, he posted a blog noting: “We have specifically warned repeatedly against the likelihood of ransomware (and similar) attacks.

“A key component in the cyber defence for such attacks is having a solid plan for re-installing everything from back-up; something outlined as early as our white paper in 2014 about creating a maritime cyber-resilient organisation. How quickly Maersk will get back online is unknown.”

Mr Jensen revealed that Maersk Line generated a revenue stream of some $5.9m an hour – in 20 hours it would have potentially have “lost” $118m. But, he added: “This does not mean that Maersk has lost this level of business, it is likely a number of customers will simply postpone their bookings for a little while. But the keyword is “a little while”.

And he warned that the industry as a whole should take the issue seriously.

“Our general take on the state of the maritime industry is that cyber defenses are quite low and systems are easily breached (although positive exceptions do happen).

“Over the past 12-18 months, there has been a gradual change in the mindset of the industry, and the prevailing attitude is now a recognition that cyber security may indeed be a genuine threat.

“However, we also find that this recognition, in many cases, still does not translate into the allocation of appropriate resources to properly investigate a company’s current level of cyber security, or the allocation of proper resources related to sustained heightening of cyber readiness.”

The Petya attack began in Ukraine, with major impacts in Russia and Poland and, according to Wired, is designed to spread with speed.

The hackers have demanded a $300 bitcoin payment – however, the email client being used, German firm Posteo, has closed the address listed so payments cannot be made.

Other major companies affected are pharmaceutical company Merck, and Russian oil giant Rosneft.