Maersk: NotPetya malware outbreak will cost up to $300m

Shipping company puts high price on attack linked to Russia

Shipping company Maersk has warned that the NotPetya malware attack that hit the company in June will cost it between $200m and $300m, largely in lost revenues as a result of the disruption caused by the malware.

In a statement last night, released to coincide with the company's financial results for the quarter to the end of June, CEO Søren Skou said: "In the last week of the [second] quarter we were hit by a cyber attack, which mainly impacted Maersk Line, APM Terminals and Damco.

"Business volumes were negatively affected for a couple of weeks in July and, as a consequence, our third quarter results will be impacted. We expect that the cyber-attack will impact results negatively by [between] $200 and $300m."

However, while the malware depressed the company's revenues, it was still able to report revenue up by $1bn compared to the same quarter a year earlier, and profits up by $490m.

The sum is the first time that the company has been able to publicly release a figure on the cost of NotPetya and dealing with the aftermath of the malware.

At the beginning of July, the shipping company admitted that NotPetya had affected a number of ports around the world that it operates, causing a large backlog of shipments to build up. Back then, it admitted that it had suffered cancellations as a result, but couldn't quantify them, or put a figure on the cost.

Maersk was one of a handful of global companies affected by NotPetya via operations in Ukraine, which appeared to be the primary target of the malware.

Other companies affected include fast-moving consumer goods company Reckitt Benckiser, which has said that the outbreak would cost the company around $100m or more in lost revenues in the second quarter; and confectionery firm Cadbury's, which admitted that factories and warehouse systems had been affected by NotPetya, delaying shipments.

The most badly affected major organisation, though, would appear to be global parcel delivery company TNT Express, which has warned of permanent data loss as a result of NotPetya. Even three weeks after the outbreak, the company was still struggling to operate effectively, with paperwork lost in the company's borked IT systems and staff forced to resort to manual processes.

NotPetya was propagated via the compromised update servers of ME Doc, an accounting software package used by 80 per cent of organisations in Ukraine. The company behind ME Doc had been warned several times that its servers were vulnerable and now faces a class-action law suit.

The malware itself took advantage of a security flaw in Windows' SMB networking protocol to self-propagate, a flaw that had been long exploited by the US National Security Agency for its own ends.

Microsoft released a patch for Windows - including now unsupported Windows XP - after an NSA exploit, dubbed EternalBlue, was released by the Shadow Brokers group. Many organisations, though, were slow to apply this patch.

Intriguingly, perhaps, security analysts have suggested that the exploit was incorporated into the NotPetya malware before it had even been publicly released.

The claim added weight to suggestions that NotPetya was crafted by Russian security services to further undermine and destabilise neighbouring Ukraine, following the annexation of the Crimea region in 2014 and Russia's ongoing backing of separatist rebels in eastern Ukraine.