The worst transportation hack so far
On June 27, 2017, computers began to crash at the Copenhagen, Denmark, headquarters of A.P. Moller-Maersk, one of the biggest transportation providers in the world with nearly 800 container ships. Some computer screens displayed a message demanding a payment of $300 in bitcoin. That was before they went black altogether. Before the day was out, the contagion had spread through company networks to Maersk facilities across the world. In the U.S., that included company terminals in New York and Los Angeles.
But this was not really a ransomware attack. It began as a cyberattack by Russia on Ukraine. Malicious software called NotPetya appeared to be ransomware, but it was actually designed to bring down computers and networks. There was no key to undo the damage. The attack hit Ukraine hard, bringing down networks and overwriting files at banks, power plants, and railways for starters. Then it jumped international borders infecting systems in the rest of Europe, North America, and even back in Russia.
The APM terminal run by A.P. Moller-Maersk in New Jersey shut down on June 28, a Thursday, and didn’t reopen until Monday, July 3.
But its systems weren’t back online on July 3. Everything was being done on paper. Meanwhile, three days’ worth of containers began to arrive and quickly backed up from the APM gate all the way to a New Jersey Turnpike interchange miles away. Many drivers waited in line for more than six hours before being turned away.
Similar scenes played out at Maersk facilities elsewhere. They would go on, easing a bit each day for the next three weeks as systems were slowly brought back online. APM terminals stayed open late, container backlogs were dealt with, and things had returned to something like normal by July 17.
The Maersk outage hack cost a lot of people a lot of money and Maersk reimbursed many without any question. The company later estimated the cost of the episode at between $200 and $300 million. Port carriers were not reimbursed; neither were drivers, many of them owner-operators, who were the least able to absorb the loss. LL