Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

NotPetya Attack Had Significant Impact on Merck Revenue

American pharmaceutical giant Merck reported last week that the recent NotPetya malware attack caused losses of hundreds of millions of dollars in revenue.

American pharmaceutical giant Merck reported last week that the recent NotPetya malware attack caused losses of hundreds of millions of dollars in revenue.

The company’s financial results for the third quarter show that worldwide sales decreased by 2 percent to $10.3 billion compared to the same quarter of 2016. This was partly blamed on sales reduced by roughly $240 million due to insufficient stock of Gardasil 9, a vaccine designed to prevent certain cancers and other diseases caused by human papillomavirus (HPV).

Merck said it had to borrow the product from the U.S. Centers for Disease Control and Prevention’s Pediatric Vaccine Stockpile due to a higher demand than originally planned and the temporary disruption to production caused by the NotPetya attack.

“Additionally, as expected, revenue was unfavorably impacted by approximately $135 million from lost sales in certain markets related to the cyber-attack,” the company said in its latest SEC filing.

Merck’s marketing and administrative expenses of $2.4 billion may have also been smaller if it wasn’t for remediation costs related to the cyberattack.

Shortly after the attack, the firm reported that the incident had disrupted its worldwide operations, including manufacturing, research and sales. By late July, the company had still not fully restored manufacturing operations.

Merck is one of several major companies hit by NotPetya, a piece of malware that infected tens of thousands of systems in more than 65 countries back in June. The malware initially appeared to be a piece of ransomware, but researchers later determined that it was actually a wiper as there was no way to recover encrypted files even if the ransom was paid.

FedEx reported losses of roughly $300 million, and Danish shipping giant AP Moller-Maersk estimated that the attack would cost it $200-$300 million. Significant losses were also reported by British consumer goods company Reckitt Benckiser ($130 million), Mondelez International ($150 million), and French construction giant Saint-Gobain ($387 million by the end of the year).

Advertisement. Scroll to continue reading.

The threat group that launched the NotPetya attack may also be behind the recent Bad Rabbit ransomware campaign that hit many Russian organizations and some in Ukraine. While Bad Rabbit actually appears to be a piece of ransomware – users should be able to recover their files by paying the ransom and in some cases even if they don’t pay it – the number of affected organizations is much smaller.

Related: FBI Says $1.45 Billion in Losses to Internet Crime Reported in 2016

Related: Industry Massively Underinsured Against Global Cyber Attacks

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Cybercrime

The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Cybercrime

As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.

CISO Strategy

SecurityWeek spoke with more than 300 cybersecurity experts to see what is bubbling beneath the surface, and examine how those evolving threats will present...

Cybercrime

Luxury retailer Neiman Marcus Group informed some customers last week that their online accounts had been breached by hackers.

CISO Conversations

Joanna Burkey, CISO at HP, and Kevin Cross, CISO at Dell, discuss how the role of a CISO is different for a multinational corporation...