Global Firms Work to Contain Fallout From Cyberattack -- 6th Update

Global firms scrambled to cope with fallout from a cyberattack that disrupted computers across Europe and the U.S.

A.P. Moeller-Maersk A/S, the world's biggest container-ship operator, has shuttered many of its ports around the world. French construction giant Saint Gobain resorted to manually operating some factory gear.

The origins of the virus were still unknown early Wednesday. Security experts described the computer disruption as a cyberattack and said the virus -- dubbed Petya -- appeared to stem in part from an obscure Ukrainian tax software product. A type of "ransomware," the bug locks data, asks for ransom and spreads quickly from computer system to system -- in this case across Ukraine, Russia, Europe and the U.S. There were few reports from Asia of disruptions.

The ransomware was designed to spread within corporate networks running Microsoft Corp.'s Windows operating system, but didn't appear to be affecting consumers, security experts said. A Microsoft spokeswoman on Tuesday said that the company was investigating the outbreak.

Companies that reported disruptions included U.S. pharmaceuticals firm Merck & Co., British advertising giant WPP Group PLC and Russian oil producer PAO Rosneft.

Mondelez International Inc. confirmed Wednesday that it was victim of a cyber hack, a day after it said it was investigating an outage of its global IT network. A spokesman said the cause was determined to be a virus, which had been isolated, though its systems remain down. The maker of Oreo cookies and Trident gum is working with outside specialists and global security agencies, and it's aiming to minimize the impact the outage has on deliveries of its food to retailers.

Many firms hit by the attack said their day-to-day operations hadn't been significantly affected or that they were still assessing the situation. Rosneft, for instance, said on Twitter Wednesday that the virus hadn't affected production, but added that "it is premature to evaluate the cyber attack impact."

In Ukraine, the country that appeared most affected by the attack, the government said it had halted the spread of the virus and that key government and business systems were stable.

But others were still struggling Wednesday to restore critical operations. One of those most severely affected: Maersk, a key cog in the world's global supply chain.

Maersk said early Wednesday it was still coping with widespread computer outages at its APM Terminals subsidiary. Maersk said it wasn't taking new bookings or offering quotes at affected terminals.

"IT systems are down across multiple sites and select business units," the company said.

Ports in the U.S., Europe and India reported Maersk-run container terminals weren't taking ships. Whether those APM port closures ricochet more broadly will depend on how quickly Maersk restores systems, shipping experts said.

Coordinating ship arrivals, unloading containers and then scheduling storage and trucks to move products out of ports requires a high degree of coordination and efficiency. A big bottleneck in a single port can reverberate widely and quickly.

The Indian government said Wednesday that an APM terminal at the Jawaharlal Nehru Port, India's largest port on the outskirts of Mumbai, was experiencing trouble. It warned of delays to inbound and outbound vessels at the terminal, one of four at the port.

The government said it was taking steps to "ensure minimum disturbance to trade, transporters and more importantly local citizens." The port has opened up a nearby parking lot where shippers can store cargo delayed at the port.

Lars Jensen, chief executive of CyberKeel, a Copenhagen advisory firm in maritime cyber security, said if Maersk manages to restore its computer systems soon, operations could return to normal without major problems.

"The longer it drags on the more the entire logistics chain will be disrupted," Mr. Jensen said. "The ships can be operated manually but if you don't have access to your operational and commercial databases you won't know where your containers are."

Maersk Line vessels are maneuverable, able to communicate and crews are safe, Maersk said.

On Tuesday, APM terminals in New Jersey and Los Angeles had been closed. The Dutch port of Rotterdam, one of Europe's biggest, said Wednesday that two container terminals operated by Maersk's APM had stopped activities.

"The port is still running at three quarters of its capacity," said Martijn Pols, a spokesman with the Port of Rotterdam.

In Spain, Maersk's APM terminal at the port in Barcelona is currently closed, according to an official. In a tweet, the Barcelona port said the APM terminal "has been affected by the Petya cyberattack and is working to resolve" the problem.

Several Saint Gobain factories were recovering Wednesday, including a plant in Amboise, France, that produces abrasive wheels, used to cut metal.

"At first there was panic on board," said one Saint Gobain employee who asked to remain anonymous because he wasn't authorized to speak publicly. "Today, we're producing the smallest wheels and what is most urgent. We're having to operate some of the machines manually because the hack infected some of our IT systems."

At the company's plant in Conflans, IT workers were going from computer to computer and implementing software patches to machines not already affected. A worker at the plant said a few machines were down but production was proceeding mostly as normal.

"A lot of clients can't make orders since they use intranet-style systems, and we don't want to infect them," said the worker, who also asked to remain anonymous. "Everything has been locked down to stop the spread."

The French company was also affected in Finland, where it produces plaster boards, insulation and industrial mortars. Olli Nikula, the managing director for Saint Gobain in Finland, said employees in sales still didn't have access to desk phones or email on Wednesday. "Everything is just slower," he said. "Communication is challenging since we are relying on mobiles and social media."

A spokeswoman for Saint-Gobain said it had been affected by the virus and had isolated computer systems to protect data. "Our production lines are still operational and we continue to serve our clients," she said, adding that the company was doing everything possible to resolve the issues quickly.

Valentina Pop in Brussels, Pietro Lombardi in Rome, Jennifer Smith in New York and Anant Kala in New Delhi contributed to this article.

Write to Nick Kostov at Nick.Kostov@wsj.com and Costas Paris at costas.paris@wsj.com

Global firms scrambled to cope with fallout from a cyberattack that disrupted computers across Europe and the U.S.

A.P. Moeller-Maersk A/S, the world's biggest container-ship operator, has closed many of its ports around the world. French construction giant Saint Gobain resorted to manually operating some factory gear.

The origins of the virus were still unknown early Wednesday. Security experts described the computer disruption as a cyberattack and said the virus -- dubbed Petya -- appeared to stem in part from an obscure Ukrainian tax software product. A type of "ransomware," the bug locks data, asks for ransom and spreads quickly from computer system to system -- in this case across Ukraine, Russia, Europe and the U.S. There were few reports from Asia of disruptions.

The ransomware was designed to spread within corporate networks running Microsoft Corp.'s Windows operating system, but didn't appear to be affecting consumers, security experts said. A Microsoft spokeswoman on Tuesday said that the company was investigating the outbreak.

Companies that reported disruptions included U.S. pharmaceuticals firm Merck & Co., British advertising giant WPP Group PLC and Russian oil producer PAO Rosneft.

Mondelez International Inc. confirmed Wednesday that it was also a victim, a day after it said it was investigating an outage of its global IT network. A spokesman said the cause was determined to be a virus, which had been isolated, though the company's systems remain down. The maker of Oreo cookies and Trident gum is working with outside specialists and global security agencies, aiming to minimize any impact on deliveries of its food to retailers.

Many firms hit by the attack said their day-to-day operations hadn't been significantly affected or that they were still assessing the situation. Rosneft, for instance, said on Twitter Wednesday that the virus hadn't affected production, but added that "it is premature to evaluate the cyberattack impact."

In Ukraine, the country that appeared most affected by the attack, the government said it had halted the spread of the virus and that key government and business systems were stable. But others were still struggling Wednesday to restore critical operations. One of those most severely affected: Maersk, a key cog in the world's global supply chain.

Maersk said early Wednesday that widespread computer outages at its APM Terminals subsidiary were preventing it from taking new bookings or offering quotes at affected terminals. Later in the day, the company said it was accepting cargo bookings through a third-party platform for existing accounts, though booking confirmations would take longer than usual. "We are still working on resuming normal operation," the company said on Twitter.

Ports in the U.S., Europe and India reported Maersk-run container terminals weren't taking ships. Whether those APM port closures ricochet more broadly will depend on how quickly Maersk restores systems, shipping experts said.

Coordinating ship arrivals, unloading containers and then scheduling storage and trucks to move products out of ports requires a high degree of coordination and efficiency. A big bottleneck in a single port can reverberate widely and quickly.

The Indian government said Wednesday that an APM terminal at the Jawaharlal Nehru Port, India's largest port on the outskirts of Mumbai, was experiencing trouble. It warned of delays to inbound and outbound vessels at the terminal, one of four at the port.

The government said it was taking steps to "ensure minimum disturbance to trade, transporters and more importantly local citizens." The port has opened up a nearby parking lot where shippers can store cargo delayed at the port.

Lars Jensen, chief executive of CyberKeel, a Copenhagen advisory firm in maritime cybersecurity, said if Maersk manages to restore its computer systems soon, operations could return to normal without major problems.

"The longer it drags on the more the entire logistics chain will be disrupted," Mr. Jensen said. "The ships can be operated manually but if you don't have access to your operational and commercial databases you won't know where your containers are."

Maersk Line vessels are maneuverable, able to communicate and crews are safe, Maersk said.

APM terminals in New Jersey and Los Angeles were closed Wednesday. The New Jersey facility will be closed on Thursday, according to an alert from the Port of New York and New Jersey, which said the terminal was aiming to restore "some level of gate operations" by Friday.

The Dutch port of Rotterdam, one of Europe's biggest, said Wednesday that two container terminals operated by Maersk's APM had stopped activities.

"The port is still running at three quarters of its capacity," said Martijn Pols, a spokesman with the Port of Rotterdam.

In Spain, Maersk's APM terminal at the port in Barcelona was closed, according to an official. In a tweet, the Barcelona port said the APM terminal "has been affected by the Petya cyberattack and is working to resolve" the problem.

Several Saint Gobain factories were recovering Wednesday, including a plant in Amboise, France, that produces abrasive wheels, used to cut metal.

"At first there was panic on board," said one Saint Gobain employee who asked to remain anonymous because he wasn't authorized to speak publicly. "Today, we're producing the smallest wheels and what is most urgent. We're having to operate some of the machines manually because the hack infected some of our IT systems."

At the company's plant in Conflans, IT workers were going from computer to computer and implementing software patches to machines not already affected. A worker at the plant said a few machines were down but production was proceeding mostly as normal.

"A lot of clients can't make orders since they use intranet-style systems, and we don't want to infect them," said the worker, who also asked to remain anonymous. "Everything has been locked down to stop the spread."

The French company was also affected in Finland, where it produces plaster boards, insulation and industrial mortars. Olli Nikula, the managing director for Saint Gobain in Finland, said employees in sales still didn't have access to desk phones or email on Wednesday. "Everything is just slower," he said. "Communication is challenging since we are relying on mobiles and social media."

A spokeswoman for Saint-Gobain said it had been affected by the virus and had isolated computer systems to protect data. "Our production lines are still operational and we continue to serve our clients," she said, adding that the company was doing everything possible to resolve the issues quickly.

Jennifer Smith in New York, Valentina Pop in Brussels, Pietro Lombardi in Rome and Anant Kala in New Delhi contributed to this article.

Write to Nick Kostov at Nick.Kostov@wsj.com and Costas Paris at costas.paris@wsj.com

(END) Dow Jones Newswires

June 28, 2017 16:11 ET (20:11 GMT)