
Maersk prepares to lay off the Maidenhead staffers who rescued it from NotPetya - ycombonator
https://www.theregister.co.uk/2020/03/03/maersk_redundancies_maidenhead_notpetya_rescuers/
======
PeterisP
It's worth pointing out the misrepresentation of "NotPetya, a particularly
nasty strain of ransomware, tore through its networks, encrypting and locking
up everything in its path before showing messages demanding a ransom of $300
per device" \- unlike the earlier Petya, NotPetya was never intended to
collect a ransom, it was purely destructive malware intentionally modified so
that it would be impossible to recover the devices for a ransom. It did
display a $300 dollar message for the purposes of masquerade, but it was a
weapon to disrupt Ukrainian economy (released by a watering-hole attack to all
companies using a particular accounting tool aiding Ukraine tax filing,
including multinationals like Maersk), not simply a cybercrime "business
tool".

~~~
ornornor
On the subject, the book sandworm by Greenberg is a deep dive in the story of
how that worm came to be, how it spread, who’s behind it etc.

I highly recommend it, it’s a very good read. And also makes you realize what
cyber warfare looks like or how it can shit a country down (as it did Ukraine:
no power, no ATMs, no way to pay for food...)

------
trollied
If anyone is interested in how the original infection went down, along with
the recovery, I can recommend the book "Sandworm: A New Era of Cyberwar and
the Hunt for the Kremlin's Most Dangerous Hackers"
[https://www.amazon.co.uk/Sandworm-Cyberwar-Kremlins-
Dangerou...](https://www.amazon.co.uk/Sandworm-Cyberwar-Kremlins-Dangerous-
Hackers/dp/0385544405/)

It covers Maersk, lots of infections that paralysed Ukraine, along with the
whole Iran mess that was instigated by the US.

Very interesting book, I thoroughly enjoyed it.

~~~
xt00
Darknet Diaries (ep54) had a great podcast as well on notpetya and talked to
the author of Sandworm.

------
Zenst
Imagine if the entire IT department spent redundancy period self-isolating due
to medical concerns of the current human malware going about.

Certainly make for a faster education in transition.

Issue is not offshoring, issue is the loss of business knowledge and
experience and a pattern that's played out many times when things are
offshored. The whole RBS bank disaster being one of many examples.

[https://forums.theregister.co.uk/forum/all/2012/06/28/rbs_jo...](https://forums.theregister.co.uk/forum/all/2012/06/28/rbs_job_cuts_and_offshoring_software_glitch/)

~~~
HHC-Hunter
Ah, the old C level exec decision to outsource to your "India team". Usually
immediately followed by said company having severe and often crippling issues
immediately after doing so.

This adage always goes so well! Truly one for the modern times.

~~~
Zenst
Yeah, classic seagull management. Come in, flaps and make lots of noise only
to fly off before the shit happens. An issue that plays out in many ways. Been
something I've noticed happen for a couple of decades now.

But it's just short-term thinking allowed to play out as it looks good on the
balance sheet and dividends. Death by accountant is a thing.

[EDIT SPLNG]

~~~
raxxorrax
As a CEO that only gets hired for ~5 years and their performance being judged
at the end of that period, how would you act?

~~~
bsg75
Do the best job I can for the company and its employees, and establish a good
name for myself? Maybe I'm not exec material.

~~~
raxxorrax
I think most CEOs actually try to do that, but they have their targets to meet
and are just another employee that maybe get the most pressure.

------
mc32
Wasn’t this the company who was saved by a singular AD DC that happened to be
offline in Ghana during the nyetpetya outbreak?

It’s like they are looking to for trouble in order to save a few bucks now.

~~~
velosol
It was this company per the Wired article about the incident.

------
louwrentius
If your company gets hit that hard by NotPetya, something is so wrong on a
cultural level, I really wonder what is going on there.

You would expect that a a company operating real-life things like enormous
container ships with all logistics and safety requirements would understand
risk.

~~~
renjimen
Shipping is a conservative industry that's barely had to change to meet the
digital revolution. It's not surprising it doesn't understand digital risk.

Also, as someone who used to work at Maersk, I can attest to the fact that for
a Danish company it is extremely hierarchical. Decisions are not made by
anyone with any technical competency.

~~~
toomuchtodo
While unsurprising, this is deeply depressing.

~~~
bjelkeman-again
I don’t think any sizeable company without a competent CTO and/or CIO will
actually survive in the future.

~~~
toomuchtodo
Hopefully.

------
dukoid
Apparently there are still companies left thinking that IT is not their core
business. Surprised to see this in logistics though. This didn't go well for
Deutsche Bank (there were additional significant consumer facing outages in
Germany):
[https://www.ft.com/content/99f27434-0241-11ea-b7bc-f3fa4e77d...](https://www.ft.com/content/99f27434-0241-11ea-b7bc-f3fa4e77dd47)

------
BCharlie
I wish I knew of some way to change this paradigm. I have repeatedly seen
IT/Engineering teams pull out miracles that save a business, or deliver the
critical edge for growth, only to have the business value that same team close
to zero shortly after.

It seems to me the gap in time between reducing staffing and disaster is
perhaps too long for intuitive connections to be made, but that seems overly
simplistic to me too.

~~~
HelloNurse
A well-run company doesn't need "miracles". They paid the price of
unpreparedness, and successfully rebuilding servers doesn't imply learning
lessons and improving processes.

~~~
BCharlie
I completely agree. I was only pointing out that even extreme cases don't seem
to lead to proper valuations.

Many companies do things in a way where miracles aren't required - but the
values perceived by those departments still don't seem in line with value
delivered.

------
vermontdevil
The persistent view that IT is a cost-center is why this happens.

~~~
zerkten
Many IT teams do a lot to further this view unfortunately. They are often too
passive and fail to engage with the rest of the company. Creativity isn't
valued and good folks leave which means you only have very average process
drones. These folks are then ripe for replacement by cheap, outsourced labor.

~~~
Ididntdothis
That describes exactly the situation at my company. IT is full of smooth
talking managers and analysts who know nothing but manage a large army of
outsourced super cheap contractors. Pretty much all experts have left or have
been laid off.

~~~
sdbrown
I think this appeared on HN a few days ago:

[https://www.computerworld.com/article/2527153/opinion-the-
un...](https://www.computerworld.com/article/2527153/opinion-the-unspoken-
truth-about-managing-geeks.html)

------
stanski
I don't want to be cruel but I hope they learn a valuable lesson sooner or
later.

~~~
thisisnico
I feel like the people making these decisions don't understand at all or have
zero respect/regard for IT and it's importance in industry.

~~~
busterarm
The margins in global logistics right now are razor thin. Large companies have
been outright failing in the last few years.

Maersk is probably more concerned with survival.

~~~
crispyambulance
> Maersk is probably more concerned with survival.

Perhaps, but it's only ~150 IT jobs which were proven to be critical during an
epic cyber attack. Is Maersk really hanging by a thread that thin?

~~~
thu2111
Probably they look everywhere for savings.

I think there's a more obvious problem that it feels like everyone is blind
to. Do we really think these IT staffers are seen by their management as
heros? For sure they aren't. Maersk was nearly unique in how badly it was
taken out by that virus. Job number one of any IT department: don't let a
virus destroy your network. They completely failed at that and the business
paid a huge price. The causes were as you may expect - not keeping up with
Windows updates, all the usual stuff. Not having any offline backups of
critical infrastructure. Things they were trusted to get right.

Are maersk management likely to be losing sleep over replacing this team?
Probably not. What are they going to argue exactly - the Indians won't do as
good a job as they did?

I know it's harsh. I'm sure pointing this out won't go down well. But in the
end they're not in a strong position to argue for their jobs.

------
heartbeats
Indian outsourcing never ends well. I hope they get what's coming to them.
Really, it should be banned.

------
logfromblammo
Six week task list:

\- Train my replacement.

\- Register down at the jobs office.

\- Lie on the floor and cry. Have a nice cuppa tea.

\- Write ransomware targeting Maersk, using insider knowledge of networks and
procedures.

\- Short Maersk stock or buy put options.

\- Release malware.

~~~
C1sc0cat
NO Assuming you don't want to go dark on them

Ask so when does consultation begin (call your union rep if your a member) and
make sure you all get an enhanced pay off

Start looking for a new job - experience in fighting a big attack like this
might be of interest to various TLA's (assuming your grandparents are native
born citizens)

I you find out early take your annual leave

Make sure to take your laptop home if you have one

The last two are in case mersk do what some other big European companies have
done and try and avoid paying out - one case I know of was a uk subsidiary
being made bankrupt

~~~
logfromblammo
Oh, I forgot about the consulting angle, where one could potentially get paid
to come in and help fight the malware that they wrote. No one better
qualified, really. They ought to remember to charge more for the consult than
it would have cost to pay them off to unlock the ransomware, too.

In case anyone needs a Poe's Law check, this was all insincere. I was just
trying to draw attention to the fact that Maersk is essentially drawing a huge
target on their back for aspiring malware authors, by firing the people that
pulled them through their last crippling encounter with malware. It is
extremely unlikely, when they get hit next, that any of their former employees
will be involved. (And even less likely that any of those people will still be
around to pull their asses out of the fire again.)

------
pergadad
Surprising that there is no mention of Brexit in the article. Really unusual
that they stuck throughout the chaos and then only when things are finally
clear they close this department.

------
HelloNurse
Maersk might have IT issues, but they won't be solved by offshoring jobs
unless they stumble on more competent people that are somehow able to organize
work better.

------
gadders
In the linked Wired article, it says it was Deloitte that fixed the issue:

"The Maidenhead recovery center was being managed by the consultancy Deloitte.
Maersk had essentially given the UK firm a blank check to make its NotPetya
problem go away, and at any given time as many as 200 Deloitte staffers were
stationed in the Maidenhead office, alongside up to 400 Maersk personnel."

~~~
MattPalmer1086
I was there. Deloitte were certainly brought in to help and manage, but it was
an all hands to the deck, 24 hour operation for the main recovery process at
the Maidenhead offices.

Everyone contributed to the recovery.

------
TrueNomad
No good deed goes unpunished...

------
timwaagh
a layoff is something a lot of people go through. And those Indians are
generally more competitive. It's nothing special. I'm pretty sure they will
find other jobs.

