I worked at Maersk for a couple of years. This happened once before: we came in and all Maersk's machines were randomly shutting down.
I heard later a rumour that the reason the AV didn't pick it up was that it was a 0-day (Stuxnet-derived, before that was known) and it was literally targeting the SCADA systems on boats... but that's also the plot of Hackers, so take that with a pinch of salt.
Anyway, being the build/devops/tooling person on a project, I burned 40 DVDs with Eclipse and Ubuntu and handed them to the devs, and they booted into Ubuntu and kept developing.
All was going fine until I got a telling off from the Corporate IT security team complaining that our unauthorised Ubuntu machines weren't running AV and so could be introducing viruses into the network.
After close to a decade of working in DK, I found their Big IT corporate processes resembled a Death Star. Looks powerful from a distance, but flaws/inefficiencies can be discerned if you happen to be at close quarters. Also, they advanced ponderously. Which was weird, because if you spoke to individual engineers in the teams, they seemed to know how things should be done. I was at Maersk at the same time as you, and I recall your team (ADLT!) eventually conjuring up some Vagrant machines for us devs, which were, it turned out, a pain to use since the AV kept interfering with the running VMs.
I'll see if I can find the episode, but did you know that the Stuxnet idea was first televised on an episode of Wonder Woman from the 70s? (Pre-dates Hackers.)
Nevertheless, I doubt the ability of AV software to catch this unconventional ransomware. Does anyone feel the security industry (apart from asking the user to update their OS to the latest version) is capable of handling this?
New Petrwrap/Petya ransomware has a fake Microsoft digital signature appended. Copied from Sysinternals Utils.
I was sitting next to someone who didn't close his laptop immediately when notified; 1 minute later it was too late.
Most of my colleagues went home; even if their laptop was not infected (also over the VPN) they are not allowed to start the machine. Some departments asked people to stay home tomorrow too. Those with MacBooks continue working. And externals.
The comment you replied to answered your question completely: No.
The signature doesn't validate, and was simply copied from a published Microsoft application (something from sysinternals). You can do this at home right now by visiting Microsoft.com, downloading any signed application, and copying the signature verbatim onto your application.
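The check the comment above is relying on, as an added example that is not part of the original post: Windows exposes the Authenticode verification result directly, so a signature that was pasted in from another binary is reported as a hash mismatch rather than as a valid Microsoft signature. The file path is an assumption for illustration.

```powershell
# Added example: distinguish a genuinely signed binary from one that merely
# carries a copied Authenticode blob. Path is a placeholder, not from the thread.
$path = 'C:\suspect\perfc.exe'   # hypothetical sample location

$sig = Get-AuthenticodeSignature -FilePath $path

# Status values of interest:
#   Valid        - signature present and the PE hash matches what was signed
#   HashMismatch - signature present but computed over a different file (copied/pasted)
#   NotSigned    - no embedded signature at all
#   UnknownError - chain or revocation problems
[pscustomobject]@{
    File    = $path
    Status  = $sig.Status
    Message = $sig.StatusMessage
    Signer  = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
}

# Treat only Status -eq 'Valid' as signed. The Signer field alone is meaningless
# for a HashMismatch: it will still read as Microsoft, because the certificate
# travels with the copied blob.
if ($sig.Status -ne 'Valid') {
    Write-Warning "$path : signature does not validate ($($sig.Status)); do not trust the signer name."
}
```

The same distinction applies to `signtool verify /pa /v`, which prints the signer but exits non-zero when the embedded hash does not match the file. The practical rule is to key any allow-listing on the verification status, never on the presence of a Microsoft certificate in the PE.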
I wonder if the plot of Hackers was derived from the fact that shipping companies typically keep a cash bounty in their on-ship safes to placate pirates should they come aboard, as (AFAIK) it is cheaper(?) to just pay off a pirate than deal with all the other factors?
Hey, FWIW we had to do some response for ransomware cases recently. There was a lack of decent stuff out there for how IT teams should deal with it. So we contributed to putting together this quick checklist:
One morning a colleague notices that a particular Windows share used by every EE in the multi-national company now contains encrypted files and a generic request for ransom.
Highlight of the e-mail thread that followed:
"<Name of another coworker whose account was used to encrypt files>, virus again?"
If you see the fake chkdsk, reboot to media and overwrite/fix the master boot record. It encrypts the master file table on startup (before AV etc.) and has sophisticated lateral movement capabilities using WMIC. Don't bother paying the ransom: the mailbox is dead, you'll never get your files back that way.
Maersk is kind of critical infrastructure; they carry a lot of freight. It's conceivable that if you took out a few major carriers like this for a week, you'd get widespread food shortages.
Even just Maersk could have huge consequences. Some of their ships have capacities of more than 10,000 containers, that's a lot of goods which may not be unloaded for the time being. Many supply chains will be quite sensitive to a delay like this and it could have very visible knock-on effects.
A delay of a day is probably already enough to cause congestion in ports with further delays down the road.
It tanked because Maersk dropped rates and made the Triple-E (the world's largest container ship), and no one has the resources to compete or even get close to the prices.
Any actual connection between this malware and XP?
Last time (WannaCry) after the usual initial "you should update" choir, it seemingly came out that after all it was not as vulnerable as initially thought:
Total facepalm.