How Ghana Saved a Global Conglomerate from a Cyberattack

On June 27, 2017, employees began to gather at the IT help desk inside the headquarters of shipping conglomerate A.P. Møller-Maersk (a.k.a. Maersk) in Copenhagen, Denmark. Something strange had happened to their computers - big messages in red and black were flashing across the screens. Then many of the machines were shut off without warning. Shortly afterwards, Maersk staffers began dashing throughout the office, shouting for all employees to disconnect their computers. In just a few hours, the malicious code had completely degraded the network of the world’s largest shipping company.

What became known as the NotPetya attack had devastating effects for Maersk. Inside the company’s IT offices, technicians reached a chilling conclusion: all domain controllers had been wiped. Domain controllers operate as servers that store internal authentication information and are used to track which resources individual users are authorized to access. However, it was discovered that one Maersk domain controller was still operational in Ghana – a final hope for the company’s IT team.

By coincidence, as NotPetya was corrupting the rest of Maersk’s machines, the company’s system in Ghana had been disconnected from the network due to a power outage. Once this stroke of luck was discovered, a rescue mission was planned – an employee in Maersk’s Ghana office would fly to Nigeria to hand the hard drive to another staffer, who would bring it to the company’s IT headquarters in the United Kingdom. It would take Maersk another 5 months to fully recover from the NotPetya attack, but the server in Ghana saved the company’s digital backbone.

Lessons Learned

The near catastrophe suffered by Maersk not only demonstrates the need for companies to ensure proper updates and network segmentation, but also demonstrates the importance of building resilience. It is imperative that we consider how organizations have grown to completely and utterly depend on online systems – and it is this very dependence that proves to be most helpful to attackers and most harmful to victims.

There is no denying how fortunate the blackout in Ghana was. However, instead of breathing a sigh of relief and resuming business as usual, the company’s IT management should be asking themselves how they can best protect systems from a similar future attack. If systems go down again, are there backups in place? Are there offline solutions that can sustain operations if a network connection is lost? And perhaps most importantly, how can the world leverage its symbiotic relationship with digital technology in order to increase resilience?

Want to know more about increasing cyber resilience? Check out Phishing for Answers’ earlier blog post, #tbt: Why Analog Systems Are Still Relevant.
