NotPetya ransomware cost Merck more than $310 million
The NotPetya cyberattack has cost the American pharmaceutical giant Merck more than $135 million in sales and $175 million in additional costs since June, the company said in a call with investors Friday.
That number comes in addition to the $300 million loss FedEx said it suffered when systems were disrupted until as late as September. The shipping company Maersk lost $200 million when its systems were infected by the ransomware outbreak. The nation of Ukraine got the worst, however, with more than 1,500 people and organizations reporting being affected by the ransomware. In response, NATO pledged to increase aid to Ukraine’s cybersecurity.
The June attack impacted Merck’s global manufacturing, research and sales for nearly a week. Company email was disabled, 70,000 employees were forbidden from touching their computers, and instructions were sent via copy-and-pasted text messages. The exact cause of the infection remains publicly unclear.
Merck’s pain may not yet be over.
“As we had cautioned in July, the June cyber event negatively impacted third-quarter results, including an unfavorable revenue impact of approximately $135 million from lost sales and approximately $175 million in costs spread across the cost of goods sold and the operating expense lines,” chief financial officer Robert Davis said in an earnings call with investors on Friday. “We anticipate a similar impact to revenue and expenses in the fourth quarter, which is reflected in our updated guidance.”
Another ransomware outbreak earlier this week dubbed BadRabbit was linked to NotPetya by cybersecurity experts. Both tools utilized leaked NSA hacking tools, according to researchers with cybersecurity firms Cisco Talos, IB Group and Symantec.
Merck took several hits this quarter and sales fell 2 percent to $10.33 billion in the last quarter.