Petya Ransomware Attack: Implications for Global Supply ChainsEverstream Team
- A new ransomware that reportedly started in Ukraine on Tuesday, June 27 has caused network issues in Europe, North America and Asia Pacific, and has disrupted numerous companies around the world
- Amongtheimpacted,shippingcompanyMaerskhasexperienceddisruptionsonitsbooking portal and at some port terminals in Belgium, Netherlands, the United States and India
- Trade impacts may remain limited if businesses that are disrupted are able to resume operations relatively quickly and leverage backup IT measures. As no definite timeline has been communicated regarding when cargo operations would fully resume, this may have ripple effects for importers and exporters, potentially impacting the global supply chains
- Mediterranean Shipping Company (MSC) confirmed on June 28 that it was prepared to divert ships away from affected Maersk terminals, working on ways to transmit data between both companies, including customs information
On Tuesday, June 27, a cyber attack originally reported in Russia and Ukraine began to impact IT systems across the world. The ransomware virus named “Petya” or “GoldenEye” is reportedly the cause of the network issues. Disruptions have been reported at numerous companies around the world, with Russia and Ukraine suffering the most attacks. Other countries that have been impacted include the United Kingdom, France, Germany, Italy, Poland, the United States, Australia, Spain, India, Israel, Serbia, the Czech Republic, and Norway.
Among the impacted, container shipping company Maersk’s customer booking portal was said to be affected by the cyber attack, but has been available again since June 29. In addition, its port operator subsidiary APM Terminals has experienced disruptions at numerous ports in Spain, Belgium, Denmark, the Netherlands, Sweden, Georgia, Turkey, Bahrain, India, Brazil, Peru and the United States. As of June 29, some affected terminals have resumed operations, while others remain closed. Some sources suggested that all terminals would re-open by Monday, July 3 at the latest.
Other maritime operations of the company, including oil operations, drilling, supply services and tankers were not impacted. All vessel operations would continue as planned, making the majority of planned port calls. Cargo in transit will reportedly be offloaded as planned and import cargo will be released to credit customers, albeit with some delays. As of this morning, Maersk confirmed that the cyber attack has been contained, but that it was currently unable to accept any future bookings until system applications are brought back up. No timeline has been provided on when the booking portal and APM Terminals are scheduled to re-open.
Behind the current global cyber attack on companies and organizations is the ransomware “Petya” or “GoldenEye”, which spreads rapidly across an organization once a computer is infected using the EternalBlue vulnerability in Microsoft Windows or through two Windows administrative tools. Ransomware is a type of computer virus that holds a user’s data hostage until a payment is made. The current virus is similar to the “WannaCry” cyber attack that occurred in May 2017, and affected more than 230,000 computers in 150 countries. Computers struck by the virus displayed a message that said its data had been encrypted and demanded a ransom — in this case, USD 300 — to decrypt it. Many systems have been updated since the “WannaCry” attack, but Russian security firm Kaspersky Lab indicated that the current virus may not be a variant of previously seen ransomware, but an entirely new malware. Israel’s biggest cyber security company said that the ransomware may, however, be slightly less dangerous than “WannaCry” because it was less aggressive in proliferating outside networks, and was more focused on proliferating inside networks. This may have limited the ultimate spread of the malware, which seems to have seen a decrease in the rate of new infections overnight. Whereas the “WannaCry” ransomware had affected different types of organizations and companies such as hospitals, government offices, universities and companies, the “Petya” ransomware has so far largely had impacts on IT networks of multinational companies.
Until June 28, the cyber attacks have generated about USD 9,000 in ransom payments, a figure that is likely to steadily rise over the coming days. Experts cautioned that paying the ransom may not help restore the computer. Kaspersky Lab suggested that Europe may experience the biggest difficulties as the attack itself targeted business in Ukraine, Russia and Poland before spreading. Some security researchers said that the attack originated in Ukraine, where the hackers had intended it to hit a day before the holiday marking the adoption in 1996 of Ukraine’s first Constitution after its break from the Soviet Union.
Supply Chain Impacts
The cyber attack has reportedly affected at least 20 APM Terminals worldwide. As of June 29, the following terminals were still not fully operational:
- APM Terminals Aarhus
- APM Terminals Algeciras
- APM Terminals Barcelona
- APM Terminals Gothenburg
- APM Terminals Izmir
- APM Terminals Poti
- APM Terminals Rotterdam
- APM Terminals Zeebrugge
- APM Terminals Bahrain
- APM Terminals Buenos Aires
- APM Terminals Callao
- APM Terminals Itajai
- APM Terminals Los Angeles
- APM Terminals Mobile
- APM Terminals New Jersey
- APM Terminals New York
- APM Terminals Pecem
- APM Terminals South Florida
- APM Terminals Gujarat
- Gateway Terminals India
Most of the terminals initially experienced IT issues as a result of the attack, and operations at the terminals have subsequently been shut down. Loading and discharge of containers have completely stopped. Trucking companies have been informed of the closure and asked not to come to the terminal. Some terminals have made additional parking space available for cargo in transit, in an effort to mitigate potential congestion. Other terminals reportedly were to resume operations or have returned to manual operations.
Experts stated that trade impacts would remain limited if Maersk’s system is restored quickly. However, if the company stays off line for a prolonged period, it may have ripple effects for importers and exporters, potentially impacting the global supply chains, including retail stores. At the Gateway Terminals India and APM Terminals in Rotterdam and New Jersey, some reports have already emerged of potential congestion as a result of the cyber attack.
Early reports confirmed that German rail operator Deutsche Bahn was again among affected companies. In May 2017, the “WannaCry” ransomware had hit Deutsche Bahn and its rail freight arm DB Schenker, causing some minor disruptions and delays at German railway stations due to dysfunctional display screens and video surveillance cameras. No further disruption to rail freight was known at the time of writing.
Reports also suggested that Kiev’s Boryspil international Airport (IATA: KBP) has been one of the earliest sites affected by the cyber attack, potentially causing some flights to be delayed, according to the airport operator. It is the country’s largest airport, serving 65% of its passenger air traffic, including all its intercontinental flights and a majority of international flights. In 2015, the total number of cargo handled at the airport reached 25,036 tons.
Potential Contingency Plans
Another container line, Mediterranean Shipping Company (MSC), confirmed on Wednesday, June 28 that it was prepared to divert ships away from affected Maersk terminals, working on ways to transmit data between both companies, including customs information.
Due to the ongoing impact assessments by affected companies, it is not yet clear when the attack will be completely contained and, in the case of Maersk/APM Terminals, when operations would fully resume. Recent developments have shown that some affected terminals were able to switch from computerized to manual processes, ensuring a slower but steady handling of cargo. Risk of delays and congestion at the terminals might therefore have to be assessed on a case-by-case basis.
While most of the reported impacts have been in Europe and the Americas, some businesses in the Asia Pacific region have also reportedly been affected on Wednesday, June 28, including in Australia and India. However, the impact on businesses operating in Asia Pacific appears to be limited as only isolated branches of multinational companies are affected by the ransomware attack. No reports of any major outbreaks within local companies or multinational branches in China have emerged so far.
Everstream Analytics customers are advised to take the necessary measures to ensure systems are not compromised and to get in touch with local contact points to receive the latest updates on how individual shipments may be affected.