The ransomware appeared to have affected the web pages of container division Maersk Line and terminal operator APM Terminals, both of which were offline as of 1830 GMT on Tuesday. Maersk Group’s main site was still up, as were sites for Maersk Oil, Maersk Drilling and U.S. flag service Maersk Line Limited. Dutch TV channel RTV Rijnmond said that the operations IT systems for Maersk’s APM Terminals division were hit, with IT functions affected in 17 terminals worldwide.
“It has affected all branches of our business, at home and abroad,” said Anders Rosendahl, spokesman for A.P. Moller-Maersk.
Anecdotal reports from around the world suggested the scope of the attack’s effects. At the port of Nhava Sheva near Mumbai, an official told local outlet PTI that “the operations at [APM’s GTI terminal] have come to a standstill because their systems are down.” He added that they are trying to work manually, without the benefit of their business enterprise software.
Maersk was far from the only entity affected. The massive ransomware attack has hit Ukrainian firms like aircraft manufacturer Antonov especially hard, but it has also struck large companies across Europe and Russia, including Russian oil major Rosneft. The attack has even taken Chernobyl’s radiation monitoring sensors down, according to the BBC.
The attack on Maersk, perhaps the world’s most prominent maritime firm, comes after years of warnings by leading industry bodies of the dangers of cyber threats. Many of the industry’s biggest concerns center on shipboard systems, and it was not immediately clear whether computers aboard Maersk’s fleet of hundreds of vessels and rigs were affected.
The cyberattack comes just weeks after the similar “WannaCry” ransomware attacks on the UK’s National Health Service and hundreds of other organizations worldwide. In that attack, victims were asked to pay a few hundred dollars to decrypt their hard drives and retrieve their data – or risk losing it permanently.
Cybersecurity experts say that Petya uses the same NSA-developed “ETERNALBLUE” exploit that WannaCry used to spread – a Windows vulnerability that Microsoft issued a patch to correct back in March. Windows users (including business users) who have still not updated with the patch would be vulnerable, though security consultants caution that this may not be the only mechanism that Petya uses to move between computers.