Maersk pins $300m cost on NotPetya ransomware

Ransomware caused 2.5 per cent fall in shipping volumes as the company struggled to process freight

Shipping giant Maersk has claimed that the NotPetya ransomware that ripped through a number of its operations in the summer has cost the company as much as $300m.

The company admitted today that the ransomware caused a 2.5 per cent decrease in shipping volumes as the company struggled to process freight with systems that had been taken down by the outbreak.

"The effect on profitability from the June cyber-attack was $250m-$300m, with the vast majority of the impact related to Maersk Line in the third quarter. No further impact is expected in the fourth quarter," the company advised stockholders in its latest financial report.

It continued: "The cyber-attack primarily impacted July and August, while contingencies related to recovery from the cyber-attack resulted in a negative development on volumes, utilisation and unit cost performance throughout the quarter."

The $250m-$300m costs associated with dealing with NotPetya compare with an "underlying profit" of $372m generated on revenues of $8bn, according to the company, and came against the backdrop of rising container freight rates, which will have cushioned the blow.

In addition to the hit on Maersk Line, part of the company's Transport & Logistics division, the report also indicated that its APM Terminals business had also been affected by "additional costs related to the cyber attack".

However, despite the company's claim that no further impact is expected from the cyber attack in the current quarter, it admitted that recovering IT services and reliability following NotPetya would lead to continuing higher costs.

The report confirms a profit warning related to the ransomware issued by the company in August. It is not the only major organisation to have suffered heavy losses as a result of the destructive malware, with parcel delivery firm TNT Express particularly hard hit.

Reckitt Benckiser CIO Darrell Stein, who hadn't been at the helm of the company for long, left the FTSE-100 fast-moving consumer goods manufacturer just months after the outbreak.

Piers Wilson, head of product management at Huntsman Security, was quick off the mark with comment.

"When looking at these results, every company director should be thinking about how their business would cope with such a dramatic shock. What seems to be a minor disruption can have seismic effects. For Maersk, a 2.5 per cent drop in freight shipping volume caused by NotPetya translated into a $300m loss. For many other businesses, that impact could send them spiralling into bankruptcy."

He added: "Cyber-attacks like Petya, NotPetya and WannaCry are hitting with increasing regularity while the number of security analysts is growing much more slowly.

"As a result, unless businesses can speed up and automate their response to threats, triaging those that present the greatest danger and focusing scarce resources on real issues early in the attack lifecycle, we can expect more companies to become victims and suffer the same, or worse, fate. While Maersk has survived this time, the next business might not be so lucky."