The world’s largest liner carrier and its associated businesses are gradually recovering from Tuesday’s massive cyber attack, but some systems remain shuttered.
The A.P. Moller-Maersk Group said overnight Wednesday it continues to be significantly impacted by a cyber attack Tuesday that has affected its liner, terminal and freight forwarding operations over the past two days.
“The issue remains contained and we continue to work towards technical recovery,” the company said. “A number of IT systems are deliberately shut down across multiple sites and select business units, also impacting email systems. Business continuity plans are being implemented and prioritized. Until this analysis is complete, we cannot be specific about how many sites and locations are affected or when normal business operations are restored. The aggregate impact on our business is being assessed.”
Maersk said it has been collaborating with IT experts, including national cyber-crime agencies and IT industry leaders, to reinstate services safely and without further disruption. The company said all its Maersk Line vessels are under control, and communication to crew and management onboard is functioning.
Shipment management software provider CargoSmart has pulled together a vessel monitoring dashboard to monitor vessels during this time of recovery from the cyber attack.
The dashboard also includes terminal data and is updated every four hours.
“The dashboard is currently showing all Maersk vessel locations and each vessel’s ETA at its next scheduled port based on AIS (live vessel monitoring) data,” a CargoSmart spokesperson told American Shipper Thursday. “It also reveals that about 78 percent of Maersk vessels are running normally, over 5 knots.
“We are currently working on expanding the visibility in the chart overnight.”
Since Wednesday evening, the carrier has been able to accept bookings via the electronic booking platform INTTRA.
“The majority of our terminals are now operational,” the company said. “Some of these terminals are operating slower than usual or with limited functionality. APM Terminals continues to work towards full restoration of its IT systems. Damco (Maersk’s freight forwarding division) has limited access to certain systems. A business continuity plan has been deployed with a key focus on protecting customers’ cargo flows.”
Maersk’s partner in the 2M Alliance, Mediterranean Shipping Co. (MSC), said Wednesday its systems are not affected, but that it has been working with Maersk “to find other means to transmit data between the two companies. This includes information such as vessel bay plans, load lists, and customs information. If necessary, the 2M partners are prepared to divert ships away from terminals which are not currently operating as a result of the attack. MSC operates 53 terminals around the world, which are fully available to 2M vessels to load and unload cargo with minimal delay.”
Maersk officials told Reuters systems recovery plans could stretch throughout today and that individual terminals have been using workarounds to facilitate operations outside of the company’s systems.
“There will be some level of impact on the orders we are in the process of transporting right now,” Maersk Chief Commercial Officer Vincent Clerc told Bloomberg. “I don’t think this is of a magnitude that it impacts global trade. It will impact what we do.”
Kuehne + Nagel, one of the world’s largest forwarders, said late Wednesday it has begun accepting Maersk bookings again. A number of technology providers told American Shipper over the past two days their priority has been to make the impact of Maersk’s troubles as minimal as possible to their customers.
Meanwhile, there is disagreement in the tech world about the nature of the attack. Most news outlets have reported that the attack, nicknamed Petya, was ransomware, a program that works its way into a system and encrypts data until the affected user pays a ransom to unlock that data or system.
However, some analysts believe the virus was actually a “wiper” program, not ransomware. Wipers intentionally wipe out a system with no intention of restoring the system or data. Some cybersecurity analysts believe the virus was designed to function like ransomware to impact the way the media covered the attack.
Petya has impacted a number of multinational firms, predominantly in Europe, including banks and energy companies. It’s still unclear if Maersk was a primary or intended target of the attack.