Jim Hagemann Snabe awoke to a dire call at 4 a.m.
His company was under attack. There was nothing he could do to stop it. And it was going to cost his firm the better part of $300 million.
Snabe runs Maersk, a 140-year-old shipping company based out of Copenhagen, Denmark. It's the largest company of its kind in the world, transporting roughly 20% of world trade.
In June 2017, this global shipping line fell victim to what looked like ransomware, but was actually much more savage.
Ransomware is malicious software that, when installed, blocks access to an infected computer until a ransom is paid. The ransomware typically shows up as an e-mail in your inbox. Often, it prompts you to download a file that, when opened, allows "admin access" to your computer. The ransomware encrypts your data – locking you out of your own system.
It happens that easy and that fast.
The locked computer shows instructions on the screen for how to reinstate access. Once you send a hefty payment to an anonymous account, usually through bitcoin, the ransomware sends a code to unlock the computer.
Ransomware like WannaCry and Petya cost victims about $9 billion across 150 countries in 2016 and 2017. What hit Maersk was even more nefarious...
It was, creatively, called "NotPetya." The CIA believes the Russian military developed NotPetya to disrupt the Ukrainian banking system. But it quickly spread to Ukrainian business partners in other countries like Poland, Italy, Germany, Denmark, the U.K., the U.S., and even Russia itself.
What happened next at Maersk is a shocking example of the damage that cybercrime inflicts on the global economy... and why stopping it will bolster a growing, multibillion-dollar industry over the coming years...
Unlike Petya, NotPetya did not need victims to gullibly grant it access to their systems. Instead, it spread itself through a secret surveillance peephole developed – ironically enough – by the U.S. National Security Agency... a backdoor to the Windows operating system.
NotPetya got into the Maersk system through the auto-update feature for the company's accounting software, which was set to make software updates install by themselves.
Normally, information technology ("IT") departments want the auto-update feature turned on because software updates include bug fixes and security patches. They're supposed to make your computer more secure.
But NotPetya exploited the Microsoft Windows backdoor to sneak undetected through Maersk's auto-update and wipe out the Master Boot Record ("MBR") on every infected Windows PC and server in the company. (The MBR is a special place on every hard disk you need to start up the computer. If you can't access the MBR, or if it's corrupted, you lose your data and must replace the computer.)
Petya was designed to make money. NotPetya was designed to destroy.
Once inside Maersk, NotPetya spread rapidly by sending out signals called "pings" to find all devices on the network. It then built a list of names, IP addresses, usernames, and passwords... and moved laterally across Maersk's network.
The attack obliterated the company's entire IT infrastructure, and Maersk was without IT for 10 days. Remarkably, the company was able to maintain 80% of its shipping volume manually. But it had to replace and install 45,000 PCs and 4,000 servers to recover from the ransomware attack.
Over the two months following the attack, it cost Maersk $300 million.
Reports claim that NotPetya affected more than 2,000 companies worldwide and caused $1 billion in total damage. That's on the light side, if you ask me.
For example, pharmaceutical giant Merck claims the attack cost it about $310 million. Global courier FedEx said it took a $400 million hit. And Mondelēz International, the owner of Cadbury chocolate lost $180 million.
If just these three companies and Maersk total more than $1 billion, NotPetya likely got away with several times that figure in the end.
The Trump administration called it "the most destructive and costly cyberattack in history."
Cybercrime is the world's fastest-growing criminal business. As you can see, the number of data breaches per year has shot up more than 900% since 2005...
According to one report, cyberattacks cost the global economy $600 billion in 2017 – up from $445 billion in 2014. Research firm Gartner reports that businesses will spend more than $1 trillion on cybersecurity products between 2017 and 2021.
That offers huge potential for companies with the right products and the right people to maximize the opportunity.
Attacks like we saw at Maersk will continue to haunt corporations around the world. And these corporations will use the products and innovations of cybersecurity companies to protect them.
So if you're looking for a great place to put money to work in the coming years, check out this fast-growing sector.
For a simple one-click way to invest, you can start with the First Trust Nasdaq Cybersecurity Fund (CIBR). This fund tracks an index of companies involved in the industry. And it's a great way to get exposure to this powerful trend in your portfolio.
Good investing,
Christian Olsen
Editor's note: Right now, Christian is on the ground at CES – the world's largest consumer technology event – with tech-investment guru David Lashmet and a team of researchers, hunting for the newest growth opportunities in tech. You can access some of their top ideas from this exclusive convention in the team's upcoming "Super Tech Portfolio"... featuring eight to 10 recommendations, each with the potential to soar 500% or more in the next few years. Click here to learn more.
Further Reading
"Financial institutions that rely on antiquated ways of doing things are going to have to adapt... or become obsolete," Eric Wade writes. Learn more about the disruptive technology that could change these companies' business models right here.
"We're in the early stages of an unstoppable trend," Dave Lashmet says. Right now, another breakthrough technology may be coming sooner than you think... and investors can take advantage today. Get the details here: The One Company Set to Power the Driverless Car and Truck Revolution.
Unstoppable tech trends can lead to huge gains for investors. We are at the beginning stages of a major shift in mobile technology. And one company will likely outperform as a result...
A SURPRISE RALLY FOR THE SHOES YOU LOVE TO HATE
Today, one of our favorite investing ideas is back in action...
Regular readers will be familiar with Steve's term "bad to less bad" trading. If you buy beaten-down assets cheap, you can make healthy returns as the market evens out – as things get "less bad." Today, we're highlighting an explosive turnaround...
Crocs (CROX) is a wacky shoe-seller known for its giant plastic clogs. Since 2002, Crocs has sold more than 600 million pairs of its lightweight, slip-resistant shoes worldwide. But the company overextended itself in the mid-2000s, cranking out more shoes than it was able to sell. Now, CEO Andrew Rees – who took on that role in 2017 – is focused on cutting underperforming products and reducing costs. And in the most recent quarter, Crocs reported $261 million in sales, a 7.3% increase over the same quarter in 2017.
As you can see, CROX shares have rebounded to new multiyear highs. The stock has skyrocketed roughly 400% since its May 2017 low. It's an exceptional case – but it shows big gains are possible when a bad situation improves...