Maritime Computer Emergency Response Team ADMIRAL dataset ADMIRAL dataset

Publicly disclosed information for this event

Index Number:
Title:
2017_003
Shipowner and its port terminals hit by NotPetya. 300M US$ loss. More than 4000 servers, 45 000 PCs [...]
Day Month Year Country Activity Incident Type
30 June 2017 Denmark Shipowner Virus/Ransomware

Summary

Shipowner and its port terminals hit by NotPetya. 300M US$ loss. More than 4000 servers, 45 000 PCs and 2500 software applications had to be reinstalled.

Victim

Maersk

Claimed/Reported Threat Actor

NotPetya

Origin

Political

Main impact

Availability

References

  1. https://www.theregister.co.uk/2018/01/25/after_notpetya_maersk_replaced_everything/
  2. https://redmondmag.com/blogs/scott-bekker/2018/08/domain-controller-nightmare.aspx
  3. https://gvnshtn.com/maersk-me-notpetya/

Recommendations to Shipowner to reduce Virus/Ransomware risks:

  • Map, understand, patch and secure your exposed assets on the Internet.
  • Implement email filtering systems to detect and block phishing emails.
  • Train your organisation, personnel regularly against these threats.
  • Install efficient Endpoint Detection and Response (EDR) tools.
  • Work with your CSIRT organization to better understand the Tactics, Techniques and Procedures used by threat actors.
  • Monitor your IT and OT systems to quickly detect potential pre-ransomware activity.
  • Implement an efficient offline backup policy.
  • Encrypt all sensitive data to avoid further data leaks.
Previous Next
Disclaimer: the data are provided as is. France Cyber Maritime and the M-CERT take no responsibility for the soundness, quality, precision, nor the eventual attribution made by the referenced URLs. We give a lot of respect and support to the victims of attacks.
Files generated on Monday, 11th December 2023.
ADMIRAL is licensed under the Creative Commons CC-BY-NC license. Copyright © France Cyber Maritime 2023.