Ransomware cyber

A P Moller Maersk

Jun 6, 2025 1 min read
A P Moller Maersk

The 2017 ransomware attack on A P Moller Maersk, known as NotPetya, cost the company an estimated $700 million excluding revenue losses. The attack significantly disrupted the company's operations, taking three months for full recovery. The recovery process was aided by a power outage in Lagos, Nigeria, which prevented an Active Directory server from being infected. Maersk's openness about the incident helped bring in resources from around the world, including support from Microsoft, IBM, and Deloitte.

Source: https://www.infosecurity-magazine.com/news/infosec2025-lessons-maersk-ciso/

TPRM report: https://scoringcyber.rankiteo.com/company/a-p-moller-maersk

"id": "a-p612060625",
"linkid": "a-p-moller-maersk",
"type": "Ransomware",
"date": "6/2025",
"severity": "100",
"impact": "",
"explanation": "Attack threatening the organization’s existence"
{'affected_entities': [{'industry': 'Transportation and Logistics',
                        'location': 'Global',
                        'name': 'A P Moller Maersk',
                        'size': '120,000 employees',
                        'type': 'Shipping Company'}],
 'attack_vector': 'NotPetya',
 'date_detected': '2017',
 'description': 'The 2017 ransomware attack on shipping company A P Moller '
                'Maersk marked a turning point for the cybersecurity industry, '
                'according to its former CISO Adam Banks. The attack is '
                'estimated to have cost Maersk $700m, excluding any revenue '
                'losses. Following the attack, it was three months before the '
                'business was fully back online.',
 'impact': {'downtime': 'Three months',
            'financial_loss': '$700m',
            'operational_impact': 'Full shutdown of the network, affecting '
                                  '120,000 employees, 16,500 servers, and '
                                  '65,000 user devices',
            'systems_affected': 'Windows servers, including Active Directory'},
 'lessons_learned': 'The decision to rebuild infected systems rather than '
                    'attempt to remove the malware and decrypt systems saved '
                    'time. Openness about the incident helped bring in needed '
                    'resources.',
 'ransomware': {'data_encryption': 'Yes', 'ransomware_strain': 'NotPetya'},
 'references': [{'source': 'Infosecurity Europe 2025'}],
 'response': {'communication_strategy': 'Openness about the incident',
              'containment_measures': 'Shutdown of the entire network',
              'recovery_measures': 'Recovery from backups, assistance from '
                                   'third-party vendors',
              'remediation_measures': 'Rebuilding the entire Windows '
                                      'infrastructure from scratch',
              'third_party_assistance': ['Microsoft', 'IBM', 'Deloitte']},
 'title': 'The 2017 Ransomware Attack on A P Moller Maersk',
 'type': 'Ransomware'}
Published by
Jeremy C
Jeremy C
You might also like
Great! Next, complete checkout for full access to Rankiteo Blog.
Welcome back! You've successfully signed in.
You've successfully subscribed to Rankiteo Blog.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.