The inside story of the Maersk NotPetya ransomware attack, from someone who was there

Graham Cluley
@gcluley

The shipping conglomerate Maersk, hit by the NotPetya ransomware in June 2017, estimated that it cost them as much as $300 million in lost revenue.

Gavin Ashton was an IT security guy working at Maersk at the time of the attack. He’s now written an in-depth article about what happened.

I want to help protect other folks from making these same mistakes, because there’s a lot of what seems to be defeatist wisdom out there; Yes, it is inevitable that you will be attacked. It is inevitable that one day, one will get through. And obviously, you should have a solid contingency plan in place in case of the worst. But that’s not to say you don’t attempt to put up a damn good fight to stop these attacks in the first case. Just because you know the bad actors are coming, doesn’t mean you leave your front door open and make them a cup of tea when they walk in. You could just lock the door.

Staying with the home analogy; Yes, there’s security cameras and wizard cloud-connected ‘Internet of Things’ (IoT) devices and all kinds of expensive measures and widgets, but a lot of organisations fail simply on the basics. Lock the damn door.

It’s a good read, and strongly recommended if you’re responsible for securing your enterprise from malware attack.

And make sure to check out this “Smashing Security” podcast we recorded back in June 2017, at the time of the outbreak:

Smashing Security #031: 'Petya (don't know the name of this ransomware)'

Your browser does not support this audio element. https://aphid.fireside.fm/d/1437767933/dd3252a8-95c3-41f8-a8a0-9d5d2f9e0bc6/d12acc7a-2508-4d4d-aee2-2a1189383a35.mp3

Listen on Apple Podcasts | Google Podcasts | Pocket Casts | Spotify | Other... | RSS
More episodes...

Sign up to our newsletter
Security news, advice, and tips.

Found this article interesting? Follow Graham Cluley on Twitter to read more of the exclusive content we post.


Graham Cluley is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows. Now an independent security analyst, he regularly makes media appearances and is an international public speaker on the topic of computer security, hackers, and online privacy. Follow him on Twitter at @gcluley, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.