The Ultimate Guide To Cybersecurity In The Real World. - Register Here
The Ultimate Guide To Cybersecurity In The Real World. - Register Here
Schedule a Consultation
Hoplon InfoSec Logo
  • Products
  • Services

Hoplon Infosec · Threat Intelligence

What is The Biggest Cyberattack in The World? 

ByHoplon Infosec
Published16 Jul, 2025
What is The Biggest Cyberattack in The World? 
Hoplon Infosec16 Jul, 2025

In June 2017, one of the world’s largest shipping companies, Maersk, faced a devastating cyberattack that not only shook the company but also disrupted the global supply chain ecosystem. This attack, caused by the infamous NotPetya ransomware malware, led to massive disruptions, IT system outages, and significant financial losses. Moreover, the incident became a landmark case study on the vulnerabilities of critical infrastructure and reaffirmed the need for robust cybersecurity measures. 

This article explores the details of the Maersk cyberattack, the impact of NotPetya malware, Maersk’s response and recovery, and the wider implications for cybersecurity in the shipping and logistics industries. 

What Was the Biggest Cyberattack in the World? 

In the latter part of June 2017, Maersk became the target of a highly sophisticated and complex cyberattack. The root cause was the NotPetya ransomware, a malware variant that initially appeared as ransomware but was later understood to be a wiper designed to destroy data rather than earn ransom payments. 

The malware spread rapidly across Maersk’s networks, encrypting critical files and disabling essential IT systems worldwide. Consequently, the attack forced Maersk to halt operations across multiple business units, including container shipping, port terminal operations, and oil and gas production. 

How Did the Maersk Cyber Attack Happen? 

The NotPetya malware initially infected Ukrainian organizations through a compromised software update for a widely used tax accounting program. From there, it propagated laterally by exploiting vulnerabilities like EternalBlue, a security flaw in Microsoft Windows. 

As a result, Maersk’s systems became collateral damage due to their connection to affected networks. Once inside, NotPetya spread quickly, encrypting files and demanding ransom in Bitcoin. However, the attackers never provided a way to decrypt files, confirming that the goal was sabotage rather than financial gain. 

Impact of the Maersk Cyber Breach 

The assault caused devastating effects on Maersk’s operations, including:

  • IT System Outage: Maersk experienced a total shutdown of critical IT infrastructure worldwide. This outage lasted for weeks in some locations. 
  • Operational Disruption: Ports and terminals under Maersk’s control had to suspend operations, leading to delays and disruptions across global supply chains. 
  • Financial Losses: The total cost of the breach was estimated around $200 to $300 million, covering IT restoration, lost revenue, and reputational damage. 
  • Customer Impact: Clients relying on Maersk faced delays and increased uncertainty in cargo shipping. 

Furthermore, as reported by BBC and The Guardian, the attack not only hit Maersk but also affected several other multinational companies. 

Maersk’s Cyber Attack Recovery Strategy 

The recovery process was complex but rapid:

  • Maersk wiped and reinstalled thousands of servers and tens of thousands of PCs, adopting a “clean slate” approach. 
  • They prioritized restoring critical services and worked closely with cybersecurity experts, including Microsoft and various incident response teams. 
  • The company emphasized transparent communication with customers and stakeholders, providing real-time updates on the recovery progress. 
  • Additionally, Maersk invested heavily in strengthening cybersecurity measures to prevent future breaches. 

According to TechCrunch, the company’s swift action was key to minimizing long-term damage and regaining operational normalcy. 

Understanding the NotPetya Malware and Its Effects on Maersk. 

Unlike conventional ransomware, NotPetya was created as a destructive wiper. It encrypted computers but lacked the functionality to decrypt data upon ransom payment, meaning victims had no way to recover their files by paying attackers. 

Moreover, the malware exploited vulnerabilities such as EternalBlue and credential harvesting techniques, allowing it to spread inside networks at an unprecedented speed. 

Maersk’s exposure highlighted the dangers of legacy systems and insufficient network segmentation in large enterprises. Consequently, the incident drove home the importance of effective patch management and strong cybersecurity practices. 

Broader Implications of the Maersk Cybersecurity Incident 

The Maersk attack revealed the fragility of interconnected global supply chains. Shipping companies like Maersk act as critical nodes, and their disruption has ripple effects on industries worldwide. 

Some broader lessons include:

  • Supply Chain Cybersecurity: Organizations must include cybersecurity resilience in supply chain risk assessments. 
  • Incident Preparedness: Companies need tested incident response plans that enable rapid recovery. 
  • Regulatory and Industry Cooperation: Sharing threat intelligence among sectors improves collective defense against attacks like NotPetya. 

Furthermore, the event accelerated investments in cybersecurity across shipping and logistics sectors globally. 

Maersk Cyber Attack Explained in Brief 

  • Date: June 2017 
  • Attack Vector: NotPetya malware exploiting Windows vulnerabilities 
  • Impact: global IT outage, operational shutdown, and financial loss estimated at up to $300 million. 
  • Response: A full IT rebuild, enhanced cybersecurity, and coordinated incident response. 
  • Outcome: Operational restoration within weeks, improved cyber defenses 

Conclusion 

The cyberattack on Maersk remains a pivotal example of how ransomware and malware attacks can paralyze global businesses. It exposed vulnerabilities in critical infrastructure and drove home the importance of vigilant cybersecurity practices. 

As Maersk rebuilt and strengthened its defenses, the incident served as a wake-up call for industries worldwide to take cybersecurity seriously. In an increasingly connected world, companies must prepare for the inevitability of cyber threats to safeguard their operations and customers. Read the similar blog to know more related incident.

Follow us on X (Twitter), LinkedIn for more Cyber Security news and updates. Stay connected on YouTube, Facebook and Instagram as well. At Hoplon Infosec, we’re committed to securing your digital world.

About the author

Hoplon Infosec

Hoplon Infosec

Was this useful?

React, leave a note, or share it forward.

Leave a note

Share this article

Share this :

Free · Weekly · No noise

Get the threats that matter, before they reach you.

One short email a week with the breaches, zero-days, and fixes worth your attention — written in plain English, no fear-mongering.

Hoplon InfoSec Logo
Address : 1415 West 22nd Street, Tower Floor, Oak Brook, IL 60523

Phone : +1 (773) 904-3136

Email : info@hoploninfosec.com

Services

  • Penetration Testing
  • Cyber Security Assessment
  • AI Development
  • Incident Readiness & Response Recovery

Products

  • IBM Flash Storage Solutions
  • Mobile Security
  • Endpoint Security
  • Deep and Dark Web Monitoring

Sign Up For Newsletter

Get the latest updates on new products and upcoming news

Copyright © Hoplon InfoSec, LLC and its group of companies.
About usContact usTerms & ConditionsCookie PolicyPrivacy Policy
03Latest posts

Keep reading.

SonicWall SMA1000 Zero-Day Vulnerabilities: Patch Now
15 Jul, 2026

SonicWall SMA1000 Zero-Day Vulnerabilities: Patch Now

SonicWall SMA1000 zero-day vulnerabilities are under active attack. See affected versions, CVE details, IOC checks and the patch you need right now.

Read More
Windows 11 KB5101650 Dell Issue: Causes and Full Fix Guide
15 Jul, 2026

Windows 11 KB5101650 Dell Issue: Causes and Full Fix Guide

Windows 11 KB5101650 is blocked on some Dell PCs after an Intel driver conflict triggered shutdowns and overheating. Here is what happened and what to do.

Read More
OFAC Sanctions First VPN Service Over Ransomware
14 Jul, 2026

OFAC Sanctions First VPN Service Over Ransomware

Learn why OFAC sanctioned First VPN Service and a malware cryptor seller, how 1VPNS helped ransomware groups, and how to defend against FSB router attacks.

Read More
CVE-2026-57807: Critical WordPress SSO Flaw Explained
13 Jul, 2026

CVE-2026-57807: Critical WordPress SSO Flaw Explained

CVE-2026-57807 affects miniOrange OAuth SSO through 38.5.8. Learn who is exposed, how the flaw works, plus safe mitigation and incident response steps.

Read More
Mobile App Security Guide: Risks, Fixes and Best Practices
13 Jul, 2026

Mobile App Security Guide: Risks, Fixes and Best Practices

Mobile app security explained simply, covering real risks, OWASP threats, encryption and practical steps to protect any app from hackers.

Read More
Apple OpenAI Lawsuit: Inside the Trade Secret Theft Claims
13 Jul, 2026

Apple OpenAI Lawsuit: Inside the Trade Secret Theft Claims

Apple OpenAI lawsuit explained. See what Apple accuses Tang Tan, Chang Liu and OpenAI of stealing, and what it means for hardware security.

Read More