Pharma Giant Merck Sees Petya Profit Hit for Rest of 2017

One of the biggest names in Big Pharma has taken a hit to its bottom line following the Petya ransomware offensive in June.

In a real-world demonstration of the true cost of cyberattacks, drug giant Merck & Co saw a worldwide disruption of its considerable operations, including the production of vaccines and prescription meds, when it was the victim of the international Petya/NotPetya cyberattack in June. The aftermath will hurt its profits for the rest of the year, it said during its earnings call this week.

Merck said it still doesn’t know the full magnitude of the impact of the attack, and that it can’t put a number on the financial hit yet, but that some manufacturing operations are still offline. Specifically, the company can’t fulfill some orders in some markets, and remains incapable of bulk production within its Active Pharmaceutical Ingredient operations.

"Full recovery from the cyberattack will take some time, but we are making steady progress," CEO Ken Frazier said on a conference call as the company reported quarterly results.

To put it into perspective, Merck's quarterly profit for Q2 nonetheless beat the Street, exceeding analysts' estimates on the back of cancer drug Keytruda and rising to $1.95 billion.

Merck was one of many multinationals caught up in the attack, which encrypted files and demanded a ransom of $300 in Bitcoin. The trouble is, Posteo, the email service used by the attackers, suspended the attackers’ account, which prevented them from sending out decryption keys even if victims paid up. In other words, the files were permanently compromised.

A decryption tool has subsequently been made available.

Other victims of the attack included various targets in the Ukraine, British marketing giant WPP, Danish shipper Maersk, FedEx, Cadbury and Oreo-maker Mondelez International and global law firm DLA Piper. British consumer goods giant Reckitt Benckiser said that for its part, widespread damage from Petya could result in a revenue hit of up to £100m this year.

Ukraine officials have blamed Russia for the attack. 

What’s Hot on Infosecurity Magazine?