Global Firms Work to Contain Fallout From Cyberattack -- 5th Update

By Dominic Chopping Features Dow Jones Newswires

The fallout from cyberattacks that disrupted computers across Europe and the U.S. continued to cause problems for the world's largest shipping firm Wednesday as A.P. Moller-Maersk reported that a number of its port operations remain effected.

Continue Reading Below

The attack, which security experts dubbed Petya and appeared to stem in part from an obscure Ukrainian tax software product, exposed fresh weakness in the computer systems that run modern-day societies as the virus rapidly spread unimpeded across Ukraine, Russia, Europe and the U.S.

"We can confirm that Maersk has been hit as part of a global cyberattack named Petya on the 27 June 2017. IT systems are down across multiple sites and select business units," the company said Wednesday.

Maersk Line vessels are maneuverable, able to communicate and crews are safe, but the company's APM Terminals business is effected in a number of ports, it said.

Maersk said it has contained the issue and is working on a technical recovery plan with its IT-partners and global cybersecurity agencies.

"We have shut down a number of systems to help contain the issue. At this point our entities Maersk Oil, Maersk Drilling, Maersk Supply Services, Maersk Tankers, Maersk Training, Svitzer and MCI are not operationally affected. Precautionary measures have been taken to ensure continued operations."

Continue Reading Below

The conglomerate is implementing business continuity plans and assessing the aggregate impact on its business, it added.

The virus, whose victims included major global companies from Merck MRK & Co. to PAO Rosneft, bore similarities to last month's global ransomware attack but was in some ways more insidious, security experts said.

The ransomware was designed to spread within corporate networks running Microsoft Corp.'s Windows operating system, but didn't appear to be harming consumers, security experts said. A Microsoft spokeswoman on Tuesday said that the company was investigating the outbreak.

Write to Dominic Chopping at dominic.chopping@wsj.com

Global firms scrambled to cope with fallout from a cyberattack that disrupted computers across Europe and the U.S.

A.P. Moeller-Maersk A/S, the world's biggest container-ship operator, has shuttered many of its ports around the world. French construction giant Saint Gobain resorted to manually operating some factory gear.

The origins of the virus were still unknown early Wednesday. Security experts described the computer disruption as a cyberattack and said the virus -- dubbed Petya -- appeared to stem in part from an obscure Ukrainian tax software product. A type of "ransomware," the bug locks data, asks for ransom and spreads quickly from computer system to system -- in this case across Ukraine, Russia, Europe and the U.S. There were few reports from Asia of disruptions.

The ransomware was designed to spread within corporate networks running Microsoft Corp.'s Windows operating system, but didn't appear to be affecting consumers, security experts said. A Microsoft spokeswoman on Tuesday said that the company was investigating the outbreak.

Companies that reported disruptions included U.S. pharmaceuticals firm Merck & Co., British advertising giant WPP Group PLC and Russian oil producer PAO Rosneft.

Mondelez International Inc. confirmed Wednesday that it was also a victim, a day after it said it was investigating an outage of its global IT network. A spokesman said the cause was determined to be a virus, which had been isolated, though the company's systems remain down. The maker of Oreo cookies and Trident gum is working with outside specialists and global security agencies, aiming to minimize any impact on deliveries of its food to retailers.

Many firms hit by the attack said their day-to-day operations hadn't been significantly affected or that they were still assessing the situation. Rosneft, for instance, said on Twitter Wednesday that the virus hadn't affected production, but added that "it is premature to evaluate the cyber attack impact."

In Ukraine, the country that appeared most affected by the attack, the government said it had halted the spread of the virus and that key government and business systems were stable. But others were still struggling Wednesday to restore critical operations. One of those most severely affected: Maersk, a key cog in the world's global supply chain.

Maersk said early Wednesday that widespread computer outages at its APM Terminals subsidiary were preventing it from taking new bookings or offering quotes at affected terminals. Later in the day, the company said it was accepting cargo bookings through a third-party platform for existing accounts, though booking confirmations would take longer than usual. "We are still working on resuming normal operation," the company said on Twitter.

Ports in the U.S., Europe and India reported Maersk-run container terminals weren't taking ships. Whether those APM port closures ricochet more broadly will depend on how quickly Maersk restores systems, shipping experts said.

Coordinating ship arrivals, unloading containers and then scheduling storage and trucks to move products out of ports requires a high degree of coordination and efficiency. A big bottleneck in a single port can reverberate widely and quickly.

The Indian government said Wednesday that an APM terminal at the Jawaharlal Nehru Port, India's largest port on the outskirts of Mumbai, was experiencing trouble. It warned of delays to inbound and outbound vessels at the terminal, one of four at the port.

The government said it was taking steps to "ensure minimum disturbance to trade, transporters and more importantly local citizens." The port has opened up a nearby parking lot where shippers can store cargo delayed at the port.

Lars Jensen, chief executive of CyberKeel, a Copenhagen advisory firm in maritime cyber security, said if Maersk manages to restore its computer systems soon, operations could return to normal without major problems.

"The longer it drags on the more the entire logistics chain will be disrupted," Mr. Jensen said. "The ships can be operated manually but if you don't have access to your operational and commercial databases you won't know where your containers are."

Maersk Line vessels are maneuverable, able to communicate and crews are safe, Maersk said.

APM terminals in New Jersey and Los Angeles were closed Wednesday. The Dutch port of Rotterdam, one of Europe's biggest, said Wednesday that two container terminals operated by Maersk's APM had stopped activities.

"The port is still running at three quarters of its capacity," said Martijn Pols, a spokesman with the Port of Rotterdam.

In Spain, Maersk's APM terminal at the port in Barcelona was closed, according to an official. In a tweet, the Barcelona port said the APM terminal "has been affected by the Petya cyberattack and is working to resolve" the problem.

Several Saint Gobain factories were recovering Wednesday, including a plant in Amboise, France, that produces abrasive wheels, used to cut metal.

"At first there was panic on board," said one Saint Gobain employee who asked to remain anonymous because he wasn't authorized to speak publicly. "Today, we're producing the smallest wheels and what is most urgent. We're having to operate some of the machines manually because the hack infected some of our IT systems."

At the company's plant in Conflans, IT workers were going from computer to computer and implementing software patches to machines not already affected. A worker at the plant said a few machines were down but production was proceeding mostly as normal.

"A lot of clients can't make orders since they use intranet-style systems, and we don't want to infect them," said the worker, who also asked to remain anonymous. "Everything has been locked down to stop the spread."

The French company was also affected in Finland, where it produces plaster boards, insulation and industrial mortars. Olli Nikula, the managing director for Saint Gobain in Finland, said employees in sales still didn't have access to desk phones or email on Wednesday. "Everything is just slower," he said. "Communication is challenging since we are relying on mobiles and social media."

A spokeswoman for Saint-Gobain said it had been affected by the virus and had isolated computer systems to protect data. "Our production lines are still operational and we continue to serve our clients," she said, adding that the company was doing everything possible to resolve the issues quickly.

Jennifer Smith in New York, Valentina Pop in Brussels, Pietro Lombardi in Rome and Anant Kala in New Delhi contributed to this article.

Write to Nick Kostov at Nick.Kostov@wsj.com and Costas Paris at costas.paris@wsj.com

(END) Dow Jones Newswires

June 28, 2017 15:54 ET (19:54 GMT)