Cyber Incident Victim: APM Terminals
Date: Jun 2017
Location: Ukraine
Summary
A global ransomware outbreak driven by a Petya-family payload (the variant later tracked as NotPetya) disrupted operations across multiple continents, hitting port operators, manufacturers, and critical infrastructure. APM Terminals suffered system failures at key locations including the Port of New York and New Jersey and Rotterdam, forcing cargo handling onto manual processes and closing terminals. The attack also struck companies such as Reckitt Benckiser, Beiersdorf, and a Cadbury factory in Australia, halting production lines, while Ukrainian power utilities, banks, and government systems faced significant intrusions. The malware spread with the EternalBlue exploit for the Windows SMBv1 flaw fixed in Microsoft's MS17-010 update, and demanded $300 in Bitcoin per infected computer. Europol initiated urgent response measures, and several organizations limited the damage by switching to backup systems.
Description
The Petya ransomware attack emerged on or around June 27, 2017, initially hitting government systems in Kiev before spreading rapidly across Europe, the United States, Asia, and Australia. For propagation the malware used the EternalBlue exploit against the SMBv1 vulnerability in Microsoft Windows (CVE-2017-0144, patched in MS17-010), the same mechanism the earlier WannaCry worm had relied on; unlike WannaCry, it also moved laterally inside networks with credentials harvested from infected hosts and legitimate Windows administration tooling, which is why machines that had already applied MS17-010 were still infected once one host on a flat network fell. APM Terminals, a subsidiary of A.P. Moller-Maersk, experienced severe disruptions at multiple global facilities, including the Port of New York and New Jersey, the largest port on the U.S. East Coast, which closed operations for the remainder of the day because of extensive system failures. In Rotterdam, Europe's largest harbor, APM Terminals faced similar operational paralysis. India's largest container port, the Jawaharlal Nehru Port Trust near Mumbai, was forced to process cargo manually after Gateway Terminal India's systems became inoperable, leaving staff unable to identify shipment ownership digitally. The attack also compromised Maersk's internal systems and online booking tools, affecting its oil and gas production units and port operations worldwide. Concurrently, other major corporations reported infections, including Russian oil giant Rosneft, French manufacturer Saint-Gobain, pharmaceutical firm Merck & Co., and British advertising conglomerate WPP, which evacuated its London offices and shut down IT infrastructure. Ukraine suffered particularly widespread damage: critical infrastructure such as the Chernobyl nuclear facility's automated radiation monitoring systems, utility provider Kyivenergo, and delivery service Nova Poshta all halted operations.

Global response efforts included Europol's urgent coordination with member states and industry partners to assess the attack's scope, while affected organizations implemented contingency measures. Rosneft avoided production disruptions by switching to backup management systems, and Ukraine's Central Bank issued warnings to financial institutions following breaches at multiple banks. The ransomware demanded $300 in Bitcoin per infected device, though Kaspersky Lab confirmed only 2,000 compromised systems in North America by midday on June 27. In Australia, production halted at a Cadbury chocolate factory in Tasmania because of system failures, while Reckitt Benckiser and Beiersdorf reported IT impacts in India. Argentina's Rosario grain terminals suspended deliveries, and France's national railway SNCF reported compromised systems. Security firms noted that the malware carried a forged Microsoft digital signature (one that does not validate, so signature checks were not bypassed) and confirmed its rapid cross-border spread over corporate networks. Ukrainian officials characterized the incident as the country's largest cyberattack and alleged that economic destabilization, disguised as financial extortion, was the real motive. The incident exposed systemic weaknesses in critical infrastructure: delayed patching left hosts exposed to an exploit for which a fix had been available for months, and flat networks with shared local administrator credentials let the malware reach hosts that were patched. Operational disruptions persisted for days at multiple logistics hubs, underscoring the dependence of physical logistics on interconnected digital systems.
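The description above names the SMBv1 exposure that EternalBlue needed but does not show how a defender would find it on their own estate. The following is an added example, not code from the incident record or from any of the organizations named: a small SMB1 NEGOTIATE probe that offers the server only the "NT LM 0.12" dialect and reads the DialectIndex from the reply (0xFFFF means the server refused SMB1; an SMB2 header or silence means SMB1 is off). The function names, the Flags/Flags2 values, and the sample replies are this example's own constructions, not captures from the attack.

```python
"""Probe whether a host still accepts SMBv1 (the dialect EternalBlue abused).
Added example; the constants and sample replies below are constructed, not captured."""
import socket
import struct

SMB1_MAGIC = b"\xffSMB"
SMB2_MAGIC = b"\xfeSMB"
SMB_COM_NEGOTIATE = 0x72
DIALECTS = [b"NT LM 0.12"]  # offer only the dialect EternalBlue targets


def build_negotiate_request() -> bytes:
    """Build a NetBIOS-session-framed SMB1 NEGOTIATE request (32-byte header + body)."""
    header = SMB1_MAGIC + bytes([SMB_COM_NEGOTIATE])
    header += struct.pack("<I", 0)        # NT status
    header += bytes([0x18])               # Flags: canonical paths, case-insensitive
    header += struct.pack("<H", 0xC843)   # Flags2: Unicode, NT status, ext. security, long names, EAs
    header += struct.pack("<H", 0)        # PIDHigh
    header += b"\x00" * 8                 # SecurityFeatures (signature slot, unused here)
    header += struct.pack("<H", 0)        # Reserved
    header += struct.pack("<HHHH", 0, 0xFEFF, 0, 0)  # TID, PIDLow, UID, MID
    dialect_data = b"".join(b"\x02" + d + b"\x00" for d in DIALECTS)
    body = bytes([0]) + struct.pack("<H", len(dialect_data)) + dialect_data  # WordCount=0, ByteCount
    smb = header + body
    return b"\x00" + len(smb).to_bytes(3, "big") + smb  # NetBIOS: session message, 3-byte length


def parse_negotiate_response(frame: bytes) -> dict:
    """Classify a server reply: does it accept SMB1, and which offered dialect did it pick?"""
    if len(frame) < 4:
        raise ValueError("short NetBIOS frame")
    length = int.from_bytes(frame[1:4], "big")
    smb = frame[4:4 + length]
    if len(smb) < 33:
        raise ValueError("truncated SMB packet")
    if smb[:4] == SMB2_MAGIC:
        return {"smb1": False, "dialect_index": None, "reason": "server answered with an SMB2 header"}
    if smb[:4] != SMB1_MAGIC:
        raise ValueError("not an SMB header")
    status = struct.unpack_from("<I", smb, 5)[0]
    word_count = smb[32]
    if status != 0 or word_count == 0 or len(smb) < 35:
        return {"smb1": False, "dialect_index": None, "reason": f"error status 0x{status:08x}"}
    dialect_index = struct.unpack_from("<H", smb, 33)[0]
    if dialect_index == 0xFFFF:
        return {"smb1": False, "dialect_index": dialect_index, "reason": "no offered dialect accepted"}
    name = DIALECTS[dialect_index].decode() if dialect_index < len(DIALECTS) else "unknown"
    return {"smb1": True, "dialect_index": dialect_index, "reason": f"accepted dialect {name}"}


def probe_smb1(host: str, port: int = 445, timeout: float = 3.0) -> dict:
    """Live check over TCP (hypothetical helper; needs network access, not run offline).
    Windows with SMB1 removed usually never answers or resets, so a timeout is also a 'no'."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(build_negotiate_request())
        try:
            reply = s.recv(4096)
        except socket.timeout:
            return {"smb1": False, "dialect_index": None, "reason": "no reply (SMB1 likely disabled)"}
    if not reply:
        return {"smb1": False, "dialect_index": None, "reason": "connection closed"}
    return parse_negotiate_response(reply)


def constructed_reply(dialect_index: int) -> bytes:
    """Constructed minimal NEGOTIATE reply (not a capture): WordCount 17 on accept, 1 on refusal."""
    header = SMB1_MAGIC + bytes([SMB_COM_NEGOTIATE]) + struct.pack("<I", 0)
    header += bytes([0x98]) + struct.pack("<H", 0xC843) + b"\x00" * 20  # reply flag set, rest zeroed
    word_count = 17 if dialect_index != 0xFFFF else 1
    words = struct.pack("<H", dialect_index) + b"\x00" * (2 * word_count - 2)
    smb = header + bytes([word_count]) + words + struct.pack("<H", 0)  # ByteCount 0
    return b"\x00" + len(smb).to_bytes(3, "big") + smb


SAMPLE_ACCEPT = constructed_reply(0)        # legacy host: SMB1 still on
SAMPLE_REFUSE = constructed_reply(0xFFFF)   # host that rejects every offered dialect
SAMPLE_SMB2 = b"\x00" + (64).to_bytes(3, "big") + SMB2_MAGIC + b"\x00" * 60  # SMB2-only host

if __name__ == "__main__":
    for label, frame in (("accept", SAMPLE_ACCEPT), ("refuse", SAMPLE_REFUSE), ("smb2", SAMPLE_SMB2)):
        print(label, parse_negotiate_response(frame))
```

A host that accepts the dialect has the exposed surface but is not necessarily unpatched: MS17-010 fixes the bug without disabling SMB1, so a positive result should be followed by a patch-level check, and a negative one does not rule out the credential-based lateral movement the description above mentions.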
