When cyberattacks make the news, it’s often because of stolen data or held-to-ransom files. But in June 2017, the world witnessed a different kind of digital devastation. The NotPetya malware, masquerading as ransomware, tore through global networks—crippling companies not by locking files, but by destroying them entirely. Among its most high-profile victims? Global shipping titan A.P. Moller-Maersk, responsible for nearly 20% of the world’s container trade.
What Was NotPetya?
NotPetya was originally mistaken for typical ransomware. But unlike most attacks that promise to decrypt your data in exchange for payment, NotPetya was a “wiper”—designed to inflict irreversible damage.
It spread using the EternalBlue exploit, a vulnerability leaked from the NSA’s toolkit, and struck through M.E.Doc, a Ukrainian accounting software provider. Once inside a network, it moved laterally at terrifying speed.
The Maersk Fallout
On June 27, 2017, Maersk’s IT infrastructure collapsed in a matter of minutes:
-
45,000 PCs and 4,000 servers were wiped.
-
Core systems at APM Terminals—responsible for port operations at 76 ports—ceased functioning.
-
Email systems, container tracking, shipping management, and logistics tools all shut down.
The company had to revert to paper-based operations, delaying ships, stranding cargo, and throwing global logistics into disarray.
The Financial and Operational Impact
Maersk’s estimated losses ranged from $250 to $300 million, largely due to:
-
Operational downtime
-
Lost revenue
-
IT infrastructure rebuild costs
The company had to reinstall thousands of PCs and servers from scratch, relying on a remarkable effort from global teams working nonstop for weeks.
Lessons from the Maersk Breach
This attack became a case study for cybersecurity professionals and business leaders alike. Here’s why:
1. Collateral Damage Is Real
Though the primary target was Ukraine, Maersk became collateral in a geopolitical cyberwar, proving that global organisations can suffer in state-sponsored attacks without ever being the target.
2. Supply Chain Vulnerabilities
The breach via M.E.Doc showed how a single third-party tool could become a Trojan horse for disaster. Every vendor, every integration is a potential threat vector.
Learn more about how to defend against supply chain threats with our Certified Ethical Hacker course
3. Destruction Over Profit
Unlike ransomware which incentivises recovery, NotPetya aimed to eliminate infrastructure. It redefined the aggressiveness of modern cyber warfare.
Explore CompTIA Security+ to understand threat actors and motivations
4. Recovery Requires Resilience
Maersk’s ability to recover showcased the importance of disaster recovery plans, cloud backups, and cross-border coordination.
Get certified in Microsoft Azure to build resilient cloud infrastructure
Industry-Wide Ripple Effects
Maersk wasn’t alone. Companies like FedEx’s TNT Express and Merck were also hit. The estimated global damages from NotPetya run into billions of dollars.
The message? In a hyperconnected world, cyber incidents transcend borders, sectors, and intentions.
Internal Links for Further Learning
Conclusion
The NotPetya cyberattack on Maersk wasn’t just a cautionary tale—it was a watershed moment for cybersecurity awareness at a global scale. It demonstrated the real-world fragility of digital infrastructures, the interdependence of global supply chains, and the devastating consequences of unpatched systems and weak third-party security.
Next Steps
Cybersecurity is no longer optional—it’s mission-critical. If you’re looking to strengthen your organisation’s defences or launch a career in cyber, now is the time to upskill: