NotPetya aftermath: Companies lost hundreds of millions

The infamous NotPetya ransomware attack, which started in Ukraine on June 27 but later spread to many international businesses, has resulted in huge monetary losses for the victims.

Even those who paid the ransom couldn’t recover swiftly, as it was discovered that the NotPetya attackers weren’t capable of providing decryption keys. In fact, it is now largely accepted that the attack was not performed to acquire money, but to disrupt operations worldwide.

NotPetya losses

Now that the dust has definitely settled, we can get a clearer picture of the losses the attack has brought on and the extent of the damage by perusing the financial results for Q2 or H1 2017 that the companies hit by the NotPetya have released.

Losses by company

According to their report, A.P. Møller-Mærsk‘s container related businesses (Maersk Line, APM Terminals and Damco) were affected, and systems had to be shut down for a period for precautionary measures. These system shutdowns resulted in significant business interruption, and a negative effect on business volumes.

“We expect that the cyber-attack will impact results negatively by USD 200-300m,” A.P. Møller-Mærsk CEO Søren Skou shared.

“While the businesses were significantly affected by this cyber-attack, no data breach or data loss to third-parties has occurred. A.P. Moller-Maersk also remained in full control of all vessels throughout the situation, and all employees were safe,” the Danish transport and logistics giant noted. The attack hit on Tuesday 27 June, and it took them until 9 July to normalize operations.

French multinational manufacturer of construction and high-performance materials Saint-Gobain was also affected by NotPetya.

“On June 27, 2017, Saint-Gobain experienced an important cyber-attack, which led to information system downtime and supply chain disruptions. IT systems were quickly restored and all of our operations had returned to normal by July 10,” the company shared.

“The cyber-attack is estimated to have had a negative impact of €220 million on first-half sales and of €65 million on first-half operating income. Over the full year, the negative impact is estimated at less than €250 million on sales and €80 million on operating income, with July including additional losses in some businesses in the first few days of the month, a claw-back of June sales, and costs associated with re-starting operations. Overall, just over half the impact of the cyber-attack concerned Building Distribution, while the rest concerned the Group’s industrial businesses, particularly Construction Products. From a geographical perspective, Western European countries were the hardest hit, especially Nordic countries, Germany and France.

American multinational confectionery, food, and beverage company Mondelez International said that their net revenues decreased 5.0 percent, driven by the (NotPetya) malware incident and currency headwinds. “Organic Net Revenue decreased 2.7 percent primarily driven by the impact of the malware incident, which negatively affected shipments at the end of June,” they pointed out.

American pharmaceutical company Merck & Co. (aka Merck Sharp & Dohme – MSD) has not put a number on the losses, but has said that the attack led to a disruption of its worldwide operations, including manufacturing, research and sales operations.

“While the company does not yet know the magnitude of the impact of the disruption, which remains ongoing in certain operations, it continues to work to minimize the effects. The company is in the process of restoring its manufacturing operations. To date, Merck has largely restored its packaging operations and has partially restored its formulation operations. The company is in the process of restoring its Active Pharmaceutical Ingredient operations but is not yet producing bulk product. The company’s external manufacturing was not impacted.”