How Shipping Giant Maersk Dealt With A Malware Meltdown

When a piece of unprecedented malicious software rampages through thousands of critical networks around the world, it tends to get our full attention. And this week’s digital plague, known as Petya (or NotPetya or Nyetya) proved especially vicious. It paralyzed thousands of computers, including those of Ukrainian government agencies, transportation infrastructure, and companies, as well as international targets including Danish shipping firm Maersk and US pharmaceutical giant Merck. It avoided the mistakes made by the hackers behind the last global ransomware outbreak known as WannaCry, skipping the sort of “kill-switch” that neutered that earlier ransomware crisis. And some researchers are starting to believe it may have been just another offensive in Ukraine’s long-running cyberwar with Russia, though this time with collateral damage felt around the world.

But Petya wasn’t the only news in the hacker world this week. A group of researchers revealed that it’s disturbingly easy to hack entire wind farms. WikiLeaks continued its trickle of leaks from the CIA’s vault of hacking tools, revealing how the agency uses target computers’ Wi-Fi to geolocate them. The repeated leaks of that sort of top-secret information from agencies like the CIA and NSA has made it clearer that the US government can’t be trusted to protect any secret backdoor to encrypted systems. And former WIRED editor Kevin Poulsen built a tool to circumvent President Trump’s habit of blocking his critics on Twitter.

How Maersk Dealt With Petya Paralysis
As Petya took hold of thousands of the world’s computers, the $265 billion dollar Danish shipping behemoth Maersk was one of the most high-profile victims. And the shipping news outlet Splash got the inside story of how the company was forced to adapt to being locked out of its computer networks around the world. From Mobile, Alabama, to India, the firm switched to manual tracking of its loading and unloading of cargo. In New Zealand and Australia, for instance, Splash reports that Maersk staff used handwritten records and (apparently offline) Excel spreadsheets to catalogue shipments. Meanwhile, at least some of Maersk’s facilities, like the Port Elizabeth, New Jersey operations of its sister company APM, were shut down altogether until it could recover from the ransomware ordeal.
Source: Wired

First Maersk ship docks in NZ after cyber attack

Danish shipping giant Moller-Maersk has assured New Zealand ports and freight firms that its operations are intact despite falling victim to a cyber attack this week.

Maersk’s Asia Pacific chief executive Robbert van Trooijen said on Friday that its ships were sailing and cargo bookings could be made through an external platform, but despite being “open for business” some of its IT systems remained down.

The international container carrier was forced to shut down all of its computer and communication systems and set up an external Gmail account when a malware, dubbed NotPetya, infected its computers in Europe on Tuesday.

Maersk containers are due to arrive at Port of Auckland on Friday.

FAIRFAX NZ
Maersk containers are due to arrive at Port of Auckland on Friday.

Its latest public statement released on its restored website early Friday said it was “progressing towards technical recovery” but could not confirm when all of its its systems would be up and running again.

 

The company’s New Zealand arm broke its forced silence on Thursday when its phone lines were restored.

Mearsk's Asia Pacific chief executive Robbert van Trooijen says its ships continue to sail after this week's cyber attack.

JOHN BISSET/FAIRFAX NZ
Mearsk’s Asia Pacific chief executive Robbert van Trooijen says its ships continue to sail after this week’s cyber attack.

Maersk Australia and New Zealand managing director Gerard Morrison said the company had kept its import and export operations going by using Microsoft Excel spreadsheets and handwritten information to instruct Ports of Auckland and Port of Tauranga what to do with its cargo.

Morrison said the cyber attack slowed unloading of vessels.

Ports of Auckland confirmed its handling of Maersk containers had slowed.

Port of Tauranga said earlier this week that its imports had not faced any delays but it was communicating through an alternative method.

The first Maersk containers to arrive in New Zealand since the attack docked at Ports of Auckland on a Hamburg Sud ship early on Friday.

Port spokesman Matt Ball said port staff were unloading the Maersk cargo with no delays.

New Zealand Manufacturing and Exporters Association chief executive Dieter Adam said he had not yet received any reports of businesses not receiving imported goods.

The cyber attack that mainly targeted Ukraine congested some of the 76 ports run by APM Terminals, including in the United States, India, Spain and the Netherlands as well as New Zealand.

Maersk handles one in seven containers shipped worldwide.

Morrison said New Zealand’s ports were facing similar problems to the rest of the world.

New Zealand’s government cyber safety authority, Computer Emergency Response Team (Cert NZ), said it had not received any reports of infections from the malware in New Zealand.

Cert NZ director Rob Pope said on Friday that businesses here were only impacted by precautions being taken by multinational companies to protect from NotPetya.

He urged businesses to make their staff aware of the threat and for any one who had had their computer compromised by a ransomware or malware virus to come forward.

Cadbury owner Mondelez, law firm DLA Piper and advertising giant WPP were also victims of NotPetya.

Symantec cyber security manager Nick Savvides said on Wednesday that the malware attack was similar to the WannaCry ransomware attack that affected Windows computer users last month.

However, there is growing speculation NotPetya was not designed to make money but instead to do economic damage.

The malware spreads automatically through company networks once one machine is infected, but appears not to be programmed to automatically leap from one organisation to another.

 – Stuff

NotPetya cyber attack forcing hand written communication with NZ ports

Danish shipping company Moller-Maersk’s New Zealand arm has broken silence as its phone systems restore amidst the fall out of a global cyber attack slowing import operations.

Maersk Australia and New Zealand managing director Gerard Morrison said on Thursday afternoon that its phone and email systems had been deliberately shut down by the company to stop the spreading of the malware virus, dubbed NotPetya, that hacked its computers in Europe on Tuesday night.

All of its systems except its phone lines remained down, relaying an “enormous” impact to ports across the globe, he said.

Ports of Auckland was among the first to admit its operations had been affected by Maersk's entire system shutting down.

BEVAN READ/FAIRFAX NZ
Ports of Auckland was among the first to admit its operations had been affected by Maersk’s entire system shutting down.

Morrison said its New Zealand staff had been keeping operations going manually, using Microsoft Excel spreadsheets and hand written information to tell Port of Auckland and Port of Tauranga what to do with the cargo that needed to be unloaded off its ships.

This had slowed the arrival of imports but it was too early to tell how long the delay would be for businesses to receive their incoming goods, he said.

Shipping giant Maersk is one of the big names that has fallen victim to a huge ransomware attack.

TOM PULLAR-STRECKER/FAIRFAX NZ
Shipping giant Maersk is one of the big names that has fallen victim to a huge ransomware attack.

Morrison said staff at its Auckland office were overwhelmed with support from hundreds of its nearby clients that offered phone lines, internet connections and office space.

Port of Tauranga (POT) said late Thursday morning that it currently had one Maersk ship docked but it faced no issues or delays in unloading.

POT commercial manager Leonard Sampson said it was “business as usual” at the site as it continued to communicate with Maersk through an “alternative method”, suggestively an external Gmail account set up by Maersk to speak with its clients.

Mainfreight managing director Don Braid says its IT systems were safe but it was struggling to communicate with shipping ...

CHRIS GORMAN/FAIRFAX NZ
Mainfreight managing director Don Braid says its IT systems were safe but it was struggling to communicate with shipping giant Maersk.

Ports of Auckland (POA) spokesman Matt Ball said the first ship carrying Maersk containers since the cyber attack was due to arrive at the port on Friday.

Ball said its port operations were already suffering the fallout from Maersk’s IT systems shutting down because most of its mutual information was shared digitally.

POA confirmed on Wednesday that it was receiving information about the imported cargo from Maersk manually through a Gmail account.

Customers awaiting mail sent by FedEx courier subsidiary TNT Express will experience delays, the company announces.

MIKE BLAKE/REUTERS
Customers awaiting mail sent by FedEx courier subsidiary TNT Express will experience delays, the company announces.

“Maersk have no means of receiving load lists, discharge lists, or instructions for cargo release. They have even closed down their email servers and are communicating via Gmail.”

Multinational freight company Mainfreight also said its export and import operations in New Zealand had been affected.

Mainfreight managing director Don Braid said that it was one of hundreds of companies suffering from the communication issue.

A statement released by Mainfreight on Wednesday said it could not book cargo with Maersk nor retrieve or export freight on vessels that were operated by APM Terminals, a subsidiary of Maersk.

Braid said: “The big issue will be when the ships come into the ports.”

​Maersk’s Morrison said it was now able to accept some cargo bookings through platform INTTRA but was working on creating a manual booking process that would be available to New Zealand clients on Friday morning.

Kotahi Logistics, which manages shipping logistics for Fonterra, chief executive David Ross said on Thursday afternoon that it was pleased with Maersk’s communication efforts and expected “minimal disruption” to its cargo flow.

Kiwirail spokeswoman Sarah Stuart said on Thursday morning that its operations had not been affected despite having Maersk as a client.

Courier company TNT Express said in a statement on Thursday that its mail services would be delayed but when contacted it could not say how that would affect New Zealanders awaiting deliveries.

The FedEx​ subsidiary, which operates in New Zealand, said in a statement released late on Thursday morning: “Like many other companies and institutions around the world, we are experiencing interference with some of our systems within the TNT network.”

The cyber attack has led to congestion at some of the 76 ports run by its APM Terminals unit, including in the United States, India, Spain and the Netherlands as well as New Zealand. The company handles one out of seven containers shipped worldwide.

New Zealand’s government cyber safety authority, Computer Emergency Response Team (Cert NZ), continued to report on Thursday morning that it had not received any reports of infections from the malware – dubbed both Petya and NotPetya.

​It mainly affected  Ukraine, but also hit a swag of multinational firms.

While Maersk has been the big worry because of the knock-on effect on supply chains, Cadbury owner Mondelez, law firm DLA Piper and advertising giant WPP were also victims of NotPetya.

Symantec cyber security manager Nick Savvides said on Wednesday that the malware attack was similar to the WannaCry ransomware attack that affected Windows computer users last month.

However, there is growing speculation NotPetya was not designed to make money but instead to do economic damage.

The malware spreads automatically through company networks once one machine is compromised, but appears not to be programmed to automatically leap from one organisation to another.

Instead, the attack appears to have been “seeded” by an infected update to Ukrainian accounting software service MeDoc, and possibly by phishing emails.

 – Stuff

Global cyber attack affects New Zealand

Local arms of global companies are shutting down operations as a precaution against a worldwide ransomware attack.

A laptop displays a message after being infected by the NotPetya ransomware as part of a worldwide cyberattack.

A laptop displays a message after being infected by ransomware as part of this week’s worldwide cyberattack. Photo: AFP

The ransomware virus cripples computers running Microsoft Corp’s Windows by encrypting hard drives and overwriting files, then demands $US300 in bitcoin payments to restore access.

It includes code known as Eternal Blue, which cyber security experts widely believe was stolen from the US National Security Agency and was also used in last month’s ransomware attack, named WannaCry.

A major international law firm, DLA Piper, has shut down its New Zealand office among others because of the attack.

DLA Piper said its office was having trouble getting external emails but all client data was secure.

DLA Piper told its Australian employees it had been the victim of a “major cyber incident” overnight.

View image on Twitter

Its Washington DC office was apparently affected, and DLA told Australian staff via text early this morning that all IT systems had been taken down to contain the situation.

The company said it was was unlikely IT systems in the Asia-Pacific region would be fully restored during the day, the ABC reported.

Maersk New Zealand managing director Gerard Morrison said local IT systems that were part of the shipping company’s global system were largely out of action, and customers could be affected at least until tomorrow.

The market research firm Colmar Brunton has also shut down operations as a precaution since its British parent company was attacked.

The Cadbury chocolate factory in Hobart has also been targeted, the ABC reported.

A hand enters account details on a laptop (file)

New Zealanders worried about the global cyber attack have been told to back up their systems and store files outside their network Photo: TEK IMAGE / SCIENCE PHOTO LIBRARY / ABO / Science Photo Library

A union official said production at Cadbury’s Claremont facility was halted when the computer system went down about 9.30pm yesterday in what was described as a “cyber attack”.

It was understood cyber attackers were demanding a ransom in bitcoin currency, the ABC said.

Cadbury owner Mondelez International had said its staff in different regions were experiencing technical problems, Reuters reported.

Mondelez said some of its New Zealand systems were affected but production in Dunedin was unchanged.

A terminal operated by the shipping giant Moller-Maersk at India’s biggest container port had to shut down its computer systems because of the attack.

The facility, called Gateway Terminal India, was unable to identify which shipment belonged to whom.

The major global cyber attack, dubbed GoldenEye or Petya, has disrupted servers at Russia’s biggest oil company and Ukraine’s international airport.

Russian oil company Rosneft said its systems had suffered “serious consequences” but production had not been affected because it switched over to backup systems. Maersk reported outages at facilities including its Los Angeles terminal. WPP, the world’s largest advertising agency, said it was also infected.

Russia and Ukraine were most affected, with other victims spread across countries including the United States, Britain, France, Germany, Italy, Poland.

Banks in the Ukraine were hit by the malware. This banking machine in Kiev was unable to dispense cash "for technical reasons".

Several banks were hit in Ukraine, one of the worst affected countries. This banking machine in Kiev was unable to dispense cash. Photo: AFP

Cyber crime reporter Kim Zetter said once the malware got into a system administrator it could spread to all parts of an international company’s network.

New Zealand’s cyber emergency response authority, Cert NZ, advised people to back up their systems and store files outside their network. If the ransomware did hit, people should turn off their computer, and not turn it on again, as an IT specialist may be able to recover the files.

Nick Savvides, strategist at security firm Symantec, said New Zealand was not immune to the fast-growing area of cyber crime.

“It’s attracting more and more criminals and more and more unsophisticated criminals who go and buy ransomware toolkits on the black market and try their hand at making money.”

The ransomware was not hugely sophisticated but had spread quickly because companies hadn’t protected their systems against it, he said.

– RNZ / ABC / Reuters

Hard Times for the Shipping and Offshore Sectors in Asia

The year 2016 ended as another painful one for the oil, gas and shipping industries in Asia. The travails of the industries in Asia reflect the global slump in oil, gas and shipping, which resulted from a variety of factors, the biggest being slow global economic growth.

Owing to the decline in oil and gas prices, oil majors and contractors have been badly hit. From a high of $118 per barrel in June 2014, oil prices fell to below $30 and are now hovering at around $52 a barrel. Oil majors have started cutting costs and laying off personnel. The effect of the price slump has blown into a worldwide crisis with the global oil industry’s cut down in capital investment reaching $1 trillion. While oil prices have gradually recovered from their lows, many companies that had been affected by the prolonged slump have gone out of business.

The oil and gas slump has had a direct effect on the offshore marine industry. Vessels are needed to send drilling equipment and supplies to offshore rigs, for oil transportation to onshore facilities and for oil storage in tankers. Additionally, workers need to be moved to and from the rigs. The decline in fuel prices reduced the number of rigs that could be economically operated, and the subsequent knock-on effect meant that fewer contractors and vessels were needed.

In the coming months, offshore support vessel companies may have to merge to strengthen their market positions. This is either due to a squeeze on margins because of rig owners cutting back on spending, or due to fewer construction contracts being issued.

Shipping, too, has suffered a decline, with major carriers suffering large losses. Major shipping lines have had to rethink their survival strategies to be in keeping with the global shipping slump.

As a result, consolidation is being witnessed as Asia’s shipping lines are faced with growing challenges. For example, at the end of 2015, CMA CGM SA, the world’s third-largest container-shipping company, acquired Singapore’s Neptune Orient Lines. This is a trend that is likely to continue in the coming months.
Shipping Woes

In April 2016, Hanjin Shipping, South Korea’s largest container line and the world’s seventh-largest container carrier, applied to its creditors for debt restructuring to avoid bankruptcy. Four months later in August, it filed for receivership after banks, led by the state-run Korea Development Bank, withdrew support. And a few days later, it filed for bankruptcy protection in the U.S. to protect its vessels and cargoes from confiscation by creditors.

There was considerable disruption to Hanjin’s containerized cargo, with vessels arrested and many containers stranded in various ports worldwide, containing an estimated $14 billion in cargo.

Major Hanjin clients such as LG Electronics have switched to other shippers while Maersk Line, the world’s largest container shipping group, is benefiting by picking up new customers on major trade routes.

The Hanjin bankruptcy is emblematic of the industry’s troubles and just one example of shipping majors facing the pressures of muted global trade growth. Dozens of chartered bulk and container vessels have been redelivered early, and that has increased available tonnage in already over-supplied and weak sectors.

The silver lining is that the supply of container ships has tightened to an extent. Average shipping rates in December between Asia and the U.S. were 15 percent higher than in July.
Shipyards in Crisis

Shipbuilding has been a key driving force for the South Korean economy, with ships accounting for 7.6 percent of its exports in 2015. But things are changing. New vessel orders won by South Korean shipbuilders in the last nine months of 2016 were down 87 percent from the same period last year. Meanwhile, in the first three months of 2016, Korean yards won just eight orders for commercial ships with a total compensated gross tonnage (cgt) of 170,000, a large decline from the order of 68 vessels with a total cgt of 2.89 million a year earlier.

With the reduction in demand from global shipping companies since the 2008 global financial crisis, increasing competition from lower cost Chinese shipyards and further stagnation of global trade volumes, Korean shipyards have faced fundamental headwinds to their previous dominant position and are all having to adapt to painful restructuring processes.

The Korean government has pledged to pump $9.5 billion into banks that made large loans to the yards and are now suffering losses. The government will also close 7 out of 31 docks that are used by the region’s top three shipbuilders and shed their combined workforce from 62,000 to 42,000 to reduce capacity in the hope of restoring competitiveness.

These rounds of difficult workforce reduction bring with them serious social and political spillover effects. Besides the fact that the shipbuilding industry is associated with national pride, the massive layoffs will have an adverse impact on local economies where the shipyards are based.

A similar scenario is playing out in China, which has seen a wave of shipyard bankruptcies. In fact, more than 20 medium- to large-sized shipyards in China have shut operations since the beginning of 2015, mainly owing to overcapacity, and the industry’s prospects are not promising.

It is estimated that the Chinese shipbuilding industry needs to be trimmed by another 30 percent or more to address excessive tonnage and for the market to start recovering.
Consolidation in the Cards

In such a context, the wider industry is starting to witness consolidation as shipbuilding companies and shipping lines alike look to take measures to limit losses and boost efficiency.

In February 2016, China’s COSCO shipping corporation—formed through a merger between China Ocean Shipping Company and China Shipping Group—was launched, creating one of the world’s largest shipping fleets. At the time, the chair of China COSCO stated that mergers were going to be a key way to ride out the “the most difficult period that we are experiencing since the financial crisis” by benefitting from economies of scale.

This approach is seen elsewhere, too. Recognizing that container lines now need immense scale to remain competitive, Japan’s three biggest shipping companies—Nippon Yusen Kaisha, Mitsui OSK, and K Line—announced a plan to merge their container operations for a new joint venture due to start in July 2018. The deal creates the world’s sixth-biggest container fleet with 7 percent of global capacity.

Explaining the merger, Tadaaki Naito, president of NYK, said that “the purpose of becoming one this time is so none of us become zero.”

Across the region, more such strategic partnerships—often even between fierce competitors—may be witnessed in coming months. Building new ships and acquiring new capacity are no longer relevant in the region as an imbalance in supply and demand has destabilized the industry and created an environment that is “adverse to container line profitability.”

Eventually, given the stagnation in trade, one viable option for the industry is to consolidate. Three prominent Asian economies—China, Korea and Japan—have all started seeing consolidation in the past year, and it is a trend that will reshape the regional shipping industry.
Source: BrinkAsia

HS EAST-WEST SLOTS TO 2M

Hamburg Süd’s container volumes on the major east-west tradelanes will transfer to the 2M alliance of Maersk Line and Mediterranean Shipping Company as of April 1 this year.

Covering Asia-North Europe, Asia-Mediterranean, Trans Atlantic and Trans Pacific services, the new slot purchase agreement has been reached in anticipation of Hamburg Süd terminating its existing agreements in the tradelanes ahead of its acquisition by Maersk.

Hamburg Süd executive board member Frank Smet expressed satisfaction with the development.

“Our customers will benefit from extended port coverage, best transit times, and an increased number of loops in the east-west trades,” he says.

Adds Maersk Line chief operating officer Søren Toft: “Accommodating these additional volumes enables improved utilisation in our fleet and in turn provides opportunities to enhance our customer offering on select trades in our east-west network.”

The parties are expected to soon disclose information about consequent network changes and schedules.

Maersk and Hamburg Süd are party to a number of such operational agreements worldwide.

However, the former has stated this particular agreement is not related to its pending acquisition of what is currently the world’s seventh-largest containerline, with Hamburg Süd operating 130 containerships, equating to total capacity of 625,000 TEU.

Expected to be completed at the end of this year, that acquisition will provide Maersk — already the largest global containerline — with 741 containerships, equating to total capacity of 3.8 million TEU (18.6% share of global capacity).