The world's largest container shipping company —A.P. Møller-Maersk— said it recovered from the NotPetya ransomware incident by reinstalling over 4,000 servers, 45,000 PCs, and 2500 applications over the course of ten days in late June and early July 2017.
By all accounts, this is a monumental effort from Maersk's IT staff, equivalent to installing a new infrastructure from the ground up.
The effort is even more jaw-dropping when we take into consideration that Maersk is the world's largest shipping companies, hauling over a fifth of the world's ship containers.
These new details came to light yesterday, while Jim Hagemann Snabe, Chairman of A.P. Møller-Maersk, participated in a panel on securing the future of cyberspace at the World Economic Forum held in Davos, Switzerland.
The incident Snabe was referencing is the NotPetya ransomware outbreak that hit companies around the world.
"I'll never forget, It was the 27 of June when I was woken up at 4 o'clock in the morning. A call came from the office that we had suffered a cyberattack," Snabe said.
"The impact of that is that we basically found that we had to reinstall an entire infrastructure," Snabe continued. "We had to install 4,000 new servers, 45,000 new PCs, 2,500 applications."
"And that was done in a heroic effort over ten days. Normally —I come from the IT industry— I would say it's gonna take six months. It took ten days," Snabe added, referring to his previous position as SAP's CEO.
The consequences were felt almost immediately in Maersk's operations, but Snabe says his company's employees faced the storm bravely, with minimal impact on the firm's activity.
"Imagine a company where a ship with 20,000 containers would enter a port every 15 minutes, and for ten days you have no IT.
"It's almost impossible to even imagine. And we actually overcome that problem with human resilience," Stabe said. "We only had a 20% drop in volume, so we managed 80% of that volume manually. [...] Customers were great contributors to overcoming that."
In hindsight, Snabe says he feels that his company was just "collateral damage of probably a state attack."
The NotPetya ransomware initially spread as a malicious update of M.E.Doc, a popular Ukrainian accounting software. Many non-Ukrainian companies were also infected because NotPetya spread to internal networks via VPN. The ransomware infected a company's offices in different countries after it initially infected Ukrainian headquarters.
Snabe's remarks regarding NotPetya being a state attack come after many cyber-security companies attributed to NotPetya ransomware to a cyber-espionage group named TeleBots that many suspect is the cyber-arm of a Russian intelligence agency.
Ukrainian officials didn't mince words or time blaming NotPetya on Russia, and recently, even the CIA officially blamed the Russian military's GRU GTsST, or Main Center for Special Technology, as the source of the NotPetya ransomware, in a classified report seen by Washington Post reporters.
Snabe also said his company estimated the damages caused by NotPetya to between $250 and $300 million. This is also the damages tag that both US pharmaceutics giant Merck and US-based international courier service FedEx also put on the NotPetya aftermath.
Maersk was lucky to fully recover in ten days after the incident. A month after NotPetya hit some of its factories, Merck was still not producing some types of bulk products used for products such as KEYTRUDA, JANUVIA, and ZEPATIER, critical drugs for various illnesses.
FedEx was also unlucky, revealing that some of the NotPetya damage was permanent, and admitting that its TNT subsidiary might have lost some customer package details for good.
"It was an important wake-up call," he said. "We were basically average when it comes to cyber-security, like many companies. And this was a wake-up call to become not just good —we actually have a plan to come in a situation where our ability to manage cyber-security becomes a competitive advantage."
In the subsequent discussions, Snabe also urged fellow Davos World Economic Forum participants to focus on securing cyberspace.
A video of Snabe's comments regarding Maersk's NotPetya recovery efforts, and more, is embedded below. The discussion is right at the beginning, following the 02:20 mark.