IT Security

Maersk Cyber Attack: How NotPetya Crippled Global Shipping

IT Security
Timothy Clarkson
June 26, 2024

In late June 2017, Maersk, the world’s largest shipping conglomerate, found itself thrust into the center of a global cybersecurity crisis. What started as a seemingly routine cyber attack quickly escalated into a catastrophic event that would ripple through the global economy, leaving Maersk and numerous other organisations reeling in its wake. 

This was the infamous NotPetya attack, a malware incident that would forever alter perceptions of cyber vulnerability in the logistics and shipping industry. In this article, we’ll learn more about the Maersk cyber attack, the damage it caused, and the lessons that can be learned to prevent similar incidents in the future.

What happened in the Maersk cyber attack?

On June 27, 2017, Maersk's IT systems were compromised by the NotPetya malware, a variant of the Petya ransomware. Initially disguised as a ransomware attack, NotPetya quickly revealed its true nature: a destructive wiper malware designed not to extort money but to cause maximum disruption. 

The malware exploited vulnerabilities in unpatched systems, leveraging the EternalBlue exploit—developed by the NSA and later leaked by hacker group Shadow Brokers—to spread rapidly across networks.

NotPetya first targeted Ukraine, where it infected thousands of computers, including those of M.E.Doc, a widely used accounting software provider. M.E.Doc unwittingly became a vector for the malware, spreading it globally. The attack soon reached Maersk, where it swiftly incapacitated critical IT systems. 

From corporate email to operational systems at APM Terminals, Maersk's terminal operating arm responsible for managing container shipping in 76 ports worldwide, the malware brought operations to a grinding halt.

NotPetya’s impact on Maersk's IT systems

The impact on Maersk and global shipping

Maersk, responsible for a significant portion of global container shipping, found itself paralysed. With terminals offline and communications disrupted, the company's ability to manage logistics and transport was severely compromised. 

Ships were delayed, port operations stalled, and Maersk's core services—from booking to tracking shipments—became inaccessible. The ripple effects were felt across the entire global supply chain, impacting businesses and industries reliant on timely shipments.

The financial toll was staggering. Maersk estimated losses between $250 million and $300 million due to operational downtime, lost revenue, and recovery costs. This incident underscored the vulnerability of interconnected supply chains and the critical need for robust cybersecurity measures in an increasingly digitalised industry.

Recovery center efforts during the Maersk cyber attack

Maersk's response and recovery efforts

In the aftermath of the attack, Maersk swiftly initiated a crisis response. Teams worked around the clock to contain the malware, restore systems, and resume operations. With no quick fix available, Maersk had to rebuild its entire IT infrastructure from scratch in some areas, implementing enhanced cybersecurity protocols and strengthening network defences. 

The company also embarked on a mission to help others in the industry bolster their cybersecurity preparedness, recognising the shared risks and responsibilities within global shipping networks.

In addition to rebuilding its IT infrastructure, Maersk's response included fortifying defences against future cyber threats like WannaCry, which had similarly impacted organisations globally. The cyber attack disrupted Maersk’s core services across 130 countries, showcasing vulnerabilities in global shipping networks that even the National Security Agency acknowledged. 

Furthermore, the incident prompted heightened cybersecurity measures not only within Maersk but across critical nodes like the Port of Los Angeles, underscoring the need for collaborative efforts to secure international trade routes against cyber threats.

Maersk’s IT systems compromised by one single infection

Lessons learned from the Maersk cyber attack

The Maersk cyber attack served as a significant wake-up call for Maersk and the broader shipping industry. Key lessons emerged from this unprecedented cyber assault:

  • Cyber resilience is paramount: No organisation, regardless of size or industry, is immune to cyber threats. Investing in robust cybersecurity measures and maintaining up-to-date software patches are critical defences.
  • Supply chain vulnerabilities: The interconnected nature of global supply chains amplifies cyber risks. A single point of failure can disrupt operations worldwide, highlighting the need for contingency plans and decentralised backup strategies.
  • Collaborative security efforts: Cyber threats transcend organisational boundaries. Collaborative efforts within industries and across sectors are essential to strengthening collective defences against evolving cyber threats.
  • Continuous vigilance: Cyber threats evolve rapidly. Organisations must remain vigilant, continually updating and testing their cybersecurity strategies to mitigate risks effectively.
Every Maersk terminal affected by the cyber attack

Moving forward: Maersk's commitment to cybersecurity

Today, Maersk continues to lead by example in cybersecurity resilience. The company has invested significantly in enhancing its IT infrastructure and fostering a culture of cybersecurity awareness among its employees. 

By sharing its experiences and lessons learned from the NotPetya attack, Maersk aims to empower others in the industry to proactively defend against cyber threats and safeguard global trade and logistics.

In conclusion, the Maersk cyber attack was not just a targeted strike on a shipping giant; it was a stark reminder of the vulnerabilities inherent in our digitally interconnected world. As industries increasingly rely on digital technologies, the imperative for robust cybersecurity measures grows ever stronger. 

By learning from past incidents like the NotPetya attack, organisations can fortify their defences and better protect against future cyber threats, ensuring the resilience and continuity of global commerce.

Maersk’s entire global network brought down by NotPetya

Protect your business from cyberattacks

The Maersk cyber attack demonstrated the devastating impact cyberattacks can have on even the largest companies. Don't wait until it's too late.

Protect your business now to avoid being among the companies hit by these destructive threats. Contact OxygenIT today to bolster your cybersecurity defences.

Reach us at (0800) 242 206 or email us at for a consultation and to safeguard your business against cyberattacks.

Hackers extracting passwords out of RAM during the attack


What was the cost to Maersk due to the cyber attack?

The cyberattack cost Maersk as much as $ 300 million. This figure includes the direct financial impact from operational downtime, lost revenue, and extensive recovery efforts required to rebuild and secure their IT infrastructure.

How were Maersk staffers affected by the cyber attack?

Maersk staffers were heavily impacted by the cyber attack, as many found themselves unable to perform their regular duties due to the widespread IT system failures. 

The attack affected communication systems and operational tools, leading to significant disruption in day-to-day activities and necessitating urgent crisis response measures across the company.

How did the Maersk Line manage operations during the cyber attack?

During the cyber attack, the Maersk Line struggled to manage operations as the malware crippled key IT systems essential for container tracking, booking, and logistics management. 

The impact of the attack was felt globally, disrupting Maersk's ability to provide timely and efficient services, which are critical to global transport and shipping.

What cyber security measures did Maersk implement post-attack?

In the aftermath of the attack, Maersk implemented enhanced cyber security measures to prevent future incidents. These measures included overhauling their IT infrastructure, strengthening network defences, and adopting advanced cyber security protocols. 

Collaboration with cybersecurity experts, including Microsoft, played a crucial role in Maersk's efforts to secure their systems against potential threats.

How did Maersk employees contribute to the recovery efforts?

Maersk employees played a vital role in the recovery efforts following the cyber attack. Teams worked tirelessly to contain the malware, restore operations, and rebuild the company's IT systems. 

The dedication and resilience of Maersk employees were crucial in overcoming the challenges posed by the cyber attack and resuming normal operations.

What role did the Maersk group play in addressing the cyber attack?

The Maersk Group, including its various subsidiaries and departments, coordinated a comprehensive response to the cyber attack. This included crisis management, IT recovery, and communication efforts to ensure a unified approach to addressing the disruption. 

The Maersk Group's leadership and strategic direction were key to navigating the crisis and mitigating the long-term impact of the attack.

How was Maersk headquarters involved during the cyber attack?

Maersk headquarters in Denmark was at the centre of the company's response efforts during the cyber attack. The headquarters served as the coordination hub for crisis management activities, directing efforts to restore affected systems and ensure continuity of operations. 

The Danish leadership worked closely with international teams to manage the recovery process and implement necessary cybersecurity enhancements.

What companies were also affected by the NotPetya cyber attack?

The NotPetya cyber attack, which targeted Maersk, also affected several other major companies worldwide. Notable victims included the pharmaceutical giant Merck, FedEx’s European subsidiary TNT Express, and A.P. Møller - Maersk's sister company. TNT Express lost about $ 400 million due to the attack. 

The attack spread rapidly, exploiting vulnerabilities in unpatched systems and causing widespread disruption across multiple industries. The incident highlighted the importance of robust cyber security measures and the need for organisations to stay vigilant against evolving cyber threats.

Let’s transform your business with our reliable IT solutions!