June’s GoldenEye (Petya/NotPetya) ransomware contagion crippled power distributors, pharmaceutical companies, banks, advertisers and even law firms, sparing no organization running a vulnerable infrastructure. Earning reports from several affected companies now reveal just how much the attack damaged some industries.
Despite the widely accepted theory that GoldenEye was deployed mainly to shake up Ukraine, it now appears the ransomware could have fetched a handsome sum for its authors, had they not been so clumsy with their end of the bargain – decrypting victims’ data.
HelpNetSecurity has compiled an short list of companies that have (so far) confirmed the extent of the financial damage inflicted in June’s cyber-attack.
Following the attack, Danish shipping giant A.P. Møller-Mærsk was forced to commission a major shutdown of its systems, freezing its container business for long enough to cause hundreds of millions of dollars worth of damage.
“We expect that the cyber-attack will impact results negatively by USD 200-300m,” CEO Søren Skou said.
Construction materials manufacturer Saint-Gobain reports similar adversity. In a press release disclosing its first-half results for 2017, the company reveals that GoldenEye caused such massive disruption to its operations that it took two weeks to return to normal.
“The cyber-attack is estimated to have had a negative impact of €220 million on first-half sales and of €65 million on first-half operating income,” the company said. “Over the full year, the negative impact is estimated at less than €250 million on sales and €80 million on operating income, with July including additional losses in some businesses in the first few days of the month, a claw-back of June sales, and costs associated with re-starting operations.”
Mondelez International, a multinational confectionery, food, and beverage company saw its net revenues drop 5% due to a GoldenEye infection. It gave no precise estimate of the damage.
American pharma company Merck was equally unable to quantify the losses, but said it is working hard to “minimize the effects.”
Between the four of them, these organizations alone have reported up to half a billion dollars worth of damage to their industries. Considering that this is just a fraction of the companies that reported getting infected with the GoldenEye ransomware, we can only imagine the total damage at a global level.
All it ever needed was one vulnerable computer
Big organizations are compelled to disclose losses to stakeholders, which ultimately causes reputation damage too, further deepening the dent in their business. Companies big and small are increasingly aware that running vulnerable systems can cause irreparable damage. With several major attacks occurring this year alone, CIOs and CTOs everywhere need to radically rethink their investments in cybersecurity.
GoldenEye used the EternalBlue exploit that was leveraged by WannaCry, as well as a second exploit called EternalRomance, to act like a worm and replicate laterally, infecting entire networks of computers in seconds.
And a credential dumping tool let the ransomware infect even non-vulnerable systems by gaining administrator rights – all it ever needed was a single vulnerable system.