GoldenEye financial damage surpasses $1 billion

Two months ago, the GoldenEye (Petya/NotPetya) ransomware contagion had caused some $500 million dollars” worth of damage, according to financial statements of affected organizations. Biopharmaceutical company Merck now reports it lost hundreds of millions itself after falling victim to the attack in June.

On June 27, reports of a rapidly spreading ransomware attack broke out from Ukraine. Entire networks were shutting down, leading security researchers to believe that Ukraine was falling victim to a wormable ransomware campaign similar to May”s WannaCry attack (it turned out they were right).

In less than three hours, GoldenEye crippled banks and their ATMs, brought public transport to its knees in some areas, and even shut down airports and utilities providers. It soon spread outside Ukraine to deal the same kind of damage to international power distributors, pharmaceutical companies, banks, advertisers, and even law firms.

As its authors were attempting to amass a small fortune in Bitcoins, GoldenEye disrupted several businesses and governmental organizations so badly that the losses climbed to an estimated $500 million, according to quarterly fiscal statements by Danish shipping giant A.P. Møller-Mærsk, food company Mondelez International, construction materials manufacturer Saint-Gobain, and others.

More recently, pharma giant Merck joined the ranks of those severely impacted by GoldenEye, reporting hundreds of millions worth of damages.

The key excerpts from its Third-Quarter 2017 Financial Results (press release) can be found below:

“Sales in the third quarter of 2017 were reduced by approximately $240 million due to a borrowing from the U.S. Centers for Disease Control and Prevention Pediatric Vaccine Stockpile of GARDASIL 9 (Human Papillomavirus 9-valent Vaccine, Recombinant), a vaccine to prevent certain cancers and other diseases caused by HPV, driven in part by the temporary production shutdown resulting from the cyber-attack, as well as overall higher demand than originally planned.”

…

“Additionally, as expected, revenue was unfavorably impacted by approximately $135 million from lost sales in certain markets related to the cyber-attack.”

In other words, Merck has lost as much as $375 million in fiscal Q3 of 2017 due to the GoldenEye attack.

In September, FedEx issued its first quarterly fiscal report mentioning the losses incurred from the June attack.

“The worldwide operations of TNT Express were significantly affected during the first quarter by the June 27 [GoldenEye] cyberattack,” FedEx reported in its first financial report with an outlook on Q1 2018. “Operating results declined due to an estimated $300 million impact from the cyber-attack.”

Most security researchers agree that GoldenEye was actually an attack against Ukraine”s critical infrastructure (that eventually spread internationally) disguised as ransomware. Under that theory, the over $1 billion in damage worldwide counts as mere collateral damage.