In July 2017 shipping and logistics company A.P. Møller-Maersk was subjected to an almost total shutdown of its IT system as a result of the NotPetya cyberattack.
This timeline shows how the company responded publicly over the first ten days. The context, impact, lessons and implications of the cyberattack are set out in this case study.
It is worth viewing Maersk chairman Jim Hagemann Snabe talking about the cyberattack. Maersk head of technology Adam Banks and IT security pro Gavin Ashton also provide useful insider insights into how the company handled the attack. Read Wired’s untold story of NotPetya for the bigger cybersecurity picture.
July 7
July 3
- Maersk confirms major IT systems have been restored
June 30
June 29
June 28
- 19.01: Maersk sets out recovery actions and priorities
- 08.06: Maersk confirms incident has been contained
June 27
- 22.14: Maersk confirms cyberattack, sets out initial response
- 21.46: Maersk updates holding statement
- 21.03: MeDoc denies responsibility for attacks
- 19.46: Ukraine police confirm accounting software company MeDoc is infected by NotPetya
- 18.15: German email provider Posteo confirms it blocked ransom email address
- 16.12: Kaspersky says NotPetya wiper destroys data, affects ~2,000 organisations
- 14.16: Maersk updates holding statement
- 14.02: Symantec confirms use of Petya ransomware for attacks
- 13.21: Maersk publicly confirms IT systems are down
- 11.30: Ukraine Central Bank confirms attack on IT systems
- 04.00: Ransomware attack on Ukrainian banks, power companies etc
Timings are GMT+1
This timeline aims to give a balanced view of Maersk’s response to NotPetya. It does not claim to be comprehensive.
Let me know if there is anything important that is missing, unfair or inaccurate.
You are welcome to use, copy and adapt the contents of this timeline. When doing so, ensure you attribute ‘Charlie Pownall/CPC & Associates’ and provide a clear, prominent link back to this resource in line with the following licence: https://creativecommons.org/licenses/by/4.0/