AP Moller-Maersk has said that it is too early for it to assess the financial impact from the outbreak of the NotPetya malware, which affected a number of the 76 ports operated by the Danish shipping giant.
The NotPetya malware caused administrative chaos at a number of the ports over the past week, preventing imports and exports from being processed and causing a backlog. The company admitted that it had suffered cancellations as a result, but couldn’t quantify them, or put a financial figure on the cost.
Maersk’s admission comes one day after fast-moving consumer goods maker Reckitt Benckiser warned that the malware would cost the company around £100m or more in lost revenues in the current quarter.
Mondelez, the owner of Cadbury’s, has also been affected by the malware, warning that the disruption caused by NotPetya to factories and warehouses operated by the company delayed shipments in the second quarter, which will have an impact on results.
Unlike Reckitt Benckiser, however, Mondelez expects to fully make up for lost revenues during the third quarter.
“It is too early to predict what the impact will be on quarter-two, or potentially the quarter-three result,” said Maersk’s Asia Pacific CEO Robbert van Trooijen in a conference call this morning with reporters.
However, van Trooijen admitted that the organisation had only just got all of the systems affected by NotPetya back online. “Over the last 48 hours we are basically ensuring that just about every port in the world is able to receive and release cargo again,” he said.
According to Reuters, while the malware didn’t affect the ability of the workforce at its ports to physically load and unload containers from cargo ships, it did disrupt document and data-centric processes, such as creating arrival notices and obtaining customs clearance. This led to congestion at a number of ports.
It also raises questions over the company’s patch management policies at such far-flung locations.
Van Trooijen added that the company wasn’t able to provide insight, just yet, into the number of cancellations as a result of its systems being down.
It’s not clear exactly how the malware spread to, and around, the networks of the handful of multinational companies that were affected.
The malware was initially propagated via the compromised software update mechanism of an accounting software firm in Ukraine. Some of the multinationals will have had operations in Ukraine and would have been required to file tax returns in the country, for which the ME Doc accounting software would have been a logical option.
However, with the companies’ software patched up to date and secure network practices in place, the malware should not have been able to spread any further than that.
Indeed, companies like Reckitt Benckiser haven’t yet disclosed how the malware was able to have a wider impact on systems outside of Ukraine.
While the malware utilised two US National Security Agency exploits for the purpose of self-propagation, the organisations ought to have rolled out the patches for those exploits, which Microsoft issued in its April Patch Tuesday. Microsoft followed that up with further patches in May.