NotPetya Costs Merck, FedEx, Maersk $800M



Dan Gunderman
10/31/2017

The depth of this year’s NotPetya attack is now coming to light, and it is certainly no laughing matter – especially for companies’ bottom lines.

The pharmaceutical titan Merck reported colossal losses attached to the ransomware attack earlier this year. In fact, in a call with investors on Friday, the company said that NotPetya cost them $135 million in sales and another $175 million in additional costs since June.

Similarly, shipping industry leader FedEx reported exorbitant losses with NotPetya. Systems were affected by the ransomware blitz until as late as September, costing FedEx $300 million.

FedEx’s dealings with the destructive Trojan horse were quite widespread, too. As originally reported by CSHub, the company’s TNT Express International courier division took a hit from NotPetya, suffering damage even a month after the initial attack. This was traced back to an employee productivity dip – partially because they were forced to resort to manual protocols as the sweeping issue was mitigated. The courier division was just purchased by FedEx for $4.8 billion in May 2016.

At the time of the attack, FedEx did not attach a numeric value to its NotPetya hit, but said, “Our 2018 results will be negatively affected by our TNT Express integration and restructuring activities, as well as the impact of the TNT Express cyber-attack.”

Global shipping and logistics enterprise A.P. Moller-Maersk also fell victim to the crippling attack. In its August financial report, the company confirmed that it felt a significant loss in Q2 because of the ransomware. In a statement, it said that Maersk Line, APM Terminals and Damco were affected by the ransom-demanding plague.

“Business volumes were negatively affected for a couple of weeks in July and as a consequence, our Q3 results will be impacted. We expected that the cyber-attack will impact results negatively by 200-300m,” the statement read.

NotPetya also wreaked havoc on specific geographic regions, namely Ukraine, which had 12,500 machines held for ransom under NotPetya’s sway. Shortly after Ukraine felt its effects, 64 other countries were drawn into the attack. Outside of Maersk, FedEx and Merck, other targeted companies included Russian energy company Rosneft, American food company Mondelez International and a unit of BNP Paribas bank.

See related: Reaper Botnet Wreaking Havoc On Millions Of Devices

The target for most of these attacks: older Windows systems. The process: infecting systems with encrypted payload that prevented the operating system from booting. More specifically, users were greeted by a red screen with an alert from the pirates ushering them to the Tor Browser. This subsequently demanded $300 in bitcoin. The associated email address was blocked, meaning even after payment, files could be horded by the NotPetya black hats.

Early strands of Petya were discovered in March 2016, and quickly propagated via email attachments. The iteration used in the 2017 cyber-attack was a new variant, which used similar tactics to this year’s WannaCry ransomware attack. Kaspersky’s Lab dubbed this new cyber pathogen “NotPetya,” to distinguish it from the 2016 strands.

As evidenced, global enterprises can face a massive uphill battle, financially, after fending off a ransomware attack. These costs can spill over into different quarters and influence revenue for an entire year, as NotPetya is making clear with its select group of targets – and of course their subsidiaries, namely FedEx’s TNT Express.

As CSHub previously noted, a report from Lloyd’s of London placed global cyber-attacks in the same financial tier as natural disasters, specifically 2012’s Superstorm Sandy.

What it often comes down to is strategic decision making. The quintessential question, then, becomes: Have you done enough to defend your enterprise from attacks hitting on all fronts? As companies realize more and more connectivity, they will naturally have to invest more energy and resources into threat defense.