Cybersecurity experts say that this week’s major ransomware attack uses a variant of the Petya or GoldenEye ransomware and is currently claiming victims across the world. It quickly spread across Ukraine, Russia, England and India.
           On Wednesday, the world’s biggest shipping company Maersk, which handles one out of seven containers shipped globally, said a cyberattack had caused outages at its computer systems across the world. An IT breakdown affected all business units at Maersk, including container shipping, port and tug boat operations, oil and gas production, drilling services, and oil tankers, and could extend right across the company’s global operations. With a fleet of more than 600 container vessels, shipping giant A.P. Moller-Maersk has a market share of around 16 percent. The company handles around 25 percent of all containers shipped on the key Asia-Europe route.
           They confirmed that due to that the impact of the global cyber-attack, some of their IT and communications infrastructure have been impacted and they had proactively shut down as a security measure. Specifically, they announced that:
– All immediate vessel operations will continue as planned, making the majority of planned port calls.
-Access to most ports is not impacted, however some APM Terminals are affected and gates are closed.
– Cargo in transit will be offloaded as planned. Import Cargo will be released to credit customers.
           Maersk’s port operator APM Terminals was also hit, with Dutch broadcaster RTV Rijnmond reporting that 17 shipping container terminals run by APM Terminals had been hacked, including two in Rotterdam and 15 in other parts of the world. The RTV report said computers were infected by ransomware that encrypted hard drives at APM Terminals. The Port of New York and New Jersey said its APM Terminals would be closed for the remainder of the day on Tuesday.
           Unlike other families of ransomware, Petya/GoldenEye does not encrypt individual files, but rather the entire hard disk drive. It then reboots it to prevent the user from accessing that information. When the encryption process is complete, the attacker forcefully crashes the computer and asks for a ransom. It spreads automatically from one computer to another using multiple vulnerabilities in the operating system, including the EternalBlue exploit that grabbed the headlines during the #WannaCry attack.
