Future of Cybersecurity: Insights Shared by Ex-CISO of Maersk

The 2017 ransomware attack on shipping company A.P. Moller Maersk marked a significant shift in the cybersecurity landscape, according to the company's former Chief Information Security Officer, Adam Banks.

Cybersecurity Insights Gleaned from Maersk's Ex-Chief Information Security Officer (CISO) in the 2025 Information Security Landscape

In June 2017, shipping giant A.P. Moller Maersk fell victim to the NotPetya ransomware attack, a cyber-attack that affected thousands of businesses worldwide. Despite the magnitude of the attack, Maersk was able to recover and rebuild its networks and systems, earning recognition as an exemplar of resilience in the face of such a threat.

At the time of the attack, Maersk's operations were divided, with 65% of its systems on-premises and 45% in the cloud. The company's critical Windows servers, including those running Active Directory, were affected by the attack, but Linux, mainframes, and the storage area network remained unscathed.

The attack led to a shutdown of Maersk's network, which took six to eight hours to complete. Recovery was long and arduous, with sales and support teams helping to set up PCs from a new, clean build. It took three months to fully restore Maersk's operations.

One of the key factors in Maersk's recovery was the decision to rebuild its infected systems rather than attempt to remove the malware and decrypt them. This decision saved around 8-10 days. Recovering Active Directory from a hard drive in Lagos, Nigeria, saved as much as four weeks more.

Maersk's openness about the attack helped bring in resources from around the world to rebuild its networks and systems. The company was able to 'borrow' Azure cloud engineers from companies that were not affected by the attack to help with the recovery. Microsoft, IBM, and Deloitte's networks were used to push the clean build out to Maersk's local offices.

Maersk was one of 7000 targets, attacked because they did business with Ukraine. The ransomware attack is estimated to have cost Maersk $700 million, excluding any revenue losses. Banks faced the challenge of rebuilding the entire Windows infrastructure from scratch because the index cataloging the backups was on an infected server and was lost.

Maersk's internal team of 2000 was boosted by 10,000 extra people from Deloitte and IBM to help with the recovery process. An early plan to distribute the clean build to offices by USB failed, so the build was transferred locally instead. A 48-hour power outage in Lagos, Nigeria, saved Maersk's Active Directory server from infection, providing a 'full, unimpacted copy' for recovery.

Maersk's operations center reported odd behavior that led to the decision to shut down the network.

Maersk, with around 120,000 employees, 16,500 servers, and 65,000 user devices, is regarded by the World Economic Forum as an exemplar of how to recover from a ransomware attack. The company's resilience in the face of such a significant cyber-attack serves as a reminder of the importance of preparedness and quick action in the event of a cyber-threat.
