Maersk’s L.A. port terminal remains closed after global cyberattack

Maersk containers at a terminal in Germany in 2010.
(Patrik Stollarz / AFP/Getty Images)

The largest terminal at the Port of Los Angeles remained closed Thursday as Danish shipping giant A.P. Moller-Maersk continued to grapple with effects of a cyberattack that rippled across numerous countries Tuesday.

The terminal, leased by Maersk, has been closed since early Tuesday, and there is no word on when it will reopen, said Rachel Campbell, a Port of Los Angeles spokeswoman.

Maersk has said that 17 of its shipping container terminals worldwide were hacked and that, in response, the company deliberately shut down a number of its IT systems. It announced Thursday that it was “cautiously progressing toward technical recovery.”

At the Port of Los Angeles, one ship was anchored outside the breakwater Thursday waiting to dock, though officials were not certain when that can happen since the terminal must first confirm it is ready to receive vessels, Campbell said. The seven other container terminals at the Los Angeles port remained open, Campbell said.

On Wednesday, Maersk said that most of its terminals were operational again. “Some of these terminals are operating slower than usual or with limited functionality,” it said.


All Maersk Line vessels are under control, employees are safe and onboard communication is functioning, the company said.

Maersk also announced Wednesday that it had online booking tools up and running again.

The computer worm affecting Maersk — dubbed NotPetya by some researchers to distinguish it from an earlier strain of malware it resembles — erupted Tuesday in Ukraine, affecting power, governmental and other concerns there. The worm quickly spread to many other countries.

Salim Neino, chief executive of Kryptos Logic, a Los Angeles cybersecurity company, said the worm infected 2 million computers in the first two hours after its release.

Cybersecurity experts, including those from Mountain View, Calif.-based Symantec, have reported that although this computer attack masquerades as ransomware, it’s not really intended to collect payments.

“We have no doubt that none of this was financially motivated,” said Vikram Thakur, a technical director for Symantec in Los Angeles.

Instead, security experts call it a “wiper.” This means infected computers cannot successfully be rebooted, and the encrypted files are forever out of reach.

The worm resembles May’s WannaCry attacks in some ways. It exploits the same vulnerability in unpatched Microsoft Windows operating systems using what is believed to be a program used for spying that was stolen from the U.S. National Security Agency this year.

But it propagates through other tricks as well, including stealing credentials. This makes it more dangerous, and capable of spreading even to patched Windows systems within the network.

Thakur said the attack “brings us to a new situation” where any weak spot in a network can propagate malware to connected devices. That means even users who dutifully update their computers “can fall prey to these kinds of attacks just because someone else on the network didn’t do something correctly,” he said.

Symantec reported that — outside Ukraine, where tax accounting software inadvertently helped deliver the infection — the U.S. has been hardest hit by the malware attack. But France, Britain and Germany also figure high among victims.

Among those hit were Memphis, Tenn.-based FedEx, which reported that operations and communications at its recently acquired TNT Express subsidiary in Europe were affected, though it said there was no data breach.

The types of companies victimized by this latest attack — shipping, pharmaceutical and energy companies — highlight the danger of cyberattacks in a world where information and operation systems are increasingly integrated, said Earl Perkins, research analyst at Stamford, Conn.-based Gartner Inc.

There is “a digital skin being stretched over all these machines,” Perkins said. He said that WannaCry, NotPetya and similar cyberattacks serve to warn that such interconnectedness heightens risks, and that the most advanced companies can sometimes be the most vulnerable.

ALSO: California lawmakers have tried for 50 years to fix the state’s housing crisis. Here’s why they’ve failed »