Danish shipping firm Maersk said the June NotPetya cyber attack will cost it $300m.
The June 27 destructive malware attack will shave between $200m to $300m off its third quarter profits, but the company expects to make up for the temporary losses by the end of year.
Nonetheless, the cost represents about 4.3 percent of the $7.67bn Q2 revenues Maersk's transport and logistics unit reported today. Despite the attack, it upheld its underlying full year profit outlook of US$1bn.
Of several global firms significantly affected by the NotPetya, Maersk has reported the largest absolute costs associated with the attack to date.
Mondelēz International, the maker of Cadbury, Oreo and other food brands, reported a cost of $140m in revenues due to delayed invoicing and shipments.
Drug maker Merck was unable to estimate the cost of the attack at its recent earnings and was still amidst a recovery effort, while FedEx has confirmed the attack would have a “material impact” on its financial performance after the malware caused widespread delays at its European subsidiary TNT Express.
Maersk’s container businesses Maersk Line, APM Terminals, and Damco were affected, while its six other businesses were not.
Maersk shut down infected networks immediately upon discovery and contained the attacked by June 28, it said.
Though Maersk was thought to have been infected through a compromised update from Ukraine accounting software MEDcos, it had not confirmed this until today’s report, which said NotPetya “entered through a software used for filing tax in Ukraine”.
Like other firms, some systems appear to be permanently damaged. “Today all recoverable applications are up and running”, it said.
The company posted updates throughout July as it brought affected affected users and applications in 500 locations back online.
“These system shutdowns resulted in significant business interruption during the shutdown period, with limited financial impact in Q2, while the impact in Q3 is larger, due to temporary lost revenue in July. While the businesses were significantly affected by this cyber-attack, no data breach or data loss to third-parties has occurred,” it said today.