NotPetya Ransomware Still Costing Industries Millions in Recovery

Mere months after the NotPetya ransomware contagion, victims were already reporting more than $1 billion in damages across countries and verticals. And the costs associated with the attack are apparently still climbing.

One year after the NotPetya ransomware strike, businesses are still wrestling with recovery, the WSJ reports. Among the victims hit hardest are shipping giant FedEx Corp. and pharmaceutical behemoth Merck & Co. The two are “dealing with the aftermath in the form of millions of dollars’ worth of technology cleanup, disrupted business and lost sales,” Kim S. Nash, Sara Castellanos and Adam Janofsky report.

FedEx has reportedly spent some $400 million on remediation and related expenses, the company revealed during its last earnings call with analysts and investors. Merck, for its part, incurred $670 million in lost sales and manufacturing and remediation-related expenses. Of note, the ransomware attack left the pharmaceuticals company unable to fulfill orders for the Gardasil 9 vaccine, which is made to prevent cancers and other diseases caused by the human papillomavirus.

Other industries suffered similar financial woes. The WSJ mentions global advertising company WPP PLC, law firm DLA Piper LLP, snack maker Mondelez International Inc. and other multinationals as having “lost basic systems such as email and systems for invoices and customer orders in the attack.”

“Some have since reported related dips in revenue and increases in technology spending,” the report reads.

Danish shipping giant A.P. Moller-Maersk A/S was already known to have lost around $300 million in the aftermath of the attack. Summing up the reported losses, the NotPetya tally totals several billion dollars.

NotPetya is believed to be the work of Russian hackers coordinated by the Kremlin. The malware – part ransomware and part data wiper – was baked into a business solution software update that the victim companies unknowingly installed on their systems, granting attackers access to their infrastructures.

Reuters reported this week that Russian hackers are gearing up to launch a coordinated attack similar to the 2017 NotPetya strike, by “infecting Ukrainian companies with malicious software to create ‘back doors.’”

News of the preparations reportedly came from Ukraine's chief of cyber police, Serhiy Demedyuk.

“Analysis of the malicious software that has already been identified and the targeting of attacks on Ukraine suggest that this is all being done for a specific day,” Demedyuk said.