US pharmaceutical giant Merck hasn’t figured out the full extent of damage caused by the Petya/NotPetya ransomware attack over a month ago.
The company revealed at its second quarter earnings update that the cyber attack on June 27 disrupted its worldwide operations, including manufacturing, research and sales. Portions of its operations remain hamstrung as it works to restore systems.
Merck, the seventh largest pharmaceutical company by revenues, produces a number of key drugs for cancer treatment, making its ability to supply products critical for patients.
Merck said it is currently restoring manufacturing operations and has largely restored its packaging operations while its formulation operation is partially restored. It's Active Pharmaceutical Ingredient operations "is not yet producing bulk product".
Kenneth C. Frazier, Merck’s CEO, said he expected a full recovery from the cyber attack will “take some time”, though it was making steady progress, according to a Seeking Alpha transcript of its earnings call.
He also said the company’s current full year guidance would have been higher were it not for the cyber attack.
Company execs declined to provide an estimate of the incident’s full cost, but confirmed its operational expenses would rise compared to last year in part due remediation efforts from the cyber attack.
It warned that it faces temporary delays fulfilling orders for certain products in certain regions however believes it can continue to supply key products, and doesn’t expect sales to be significantly hurt.
Merck was one of several global firms hit by the Petya ransomware outbreak, which researchers at the time concluded was in fact designed to destroy systems rather than extort victims. The file-encrypting malware spread rapidly within corporate networks but offered no mechanism to recover encrypted data.
Systems in Ukraine bore the brunt of the attack due to a compromised update from M.E.Docs, a widely used accounting package in the country. However, it also impacted international firms with operations in Ukraine that used the software.
FedEx in mid-July said the Petya attack, which hit its European subsidiary, TNT Express, would have a material impact on its financial performance. It didn’t know when TNT systems would be fully restored and was experiencing widespread service and invoicing delays. It confirmed TNT Express was initially infected though M.E.Docs.
Danish shipping firm Maersk has also installed new security systems following the Petya attack amid its recovery efforts.
Other firms that have faced disruptions including confectionary giant, Mondelez International, and UK firm Reckitt Benckiser.