Merck Cyber Attack: The Aftermath of a 135 Million Dollar Data Breach
In the not too far past, a devastating cyber attack swept the globe. In fact, it was a soon as last June that the ransomware NotPeyta affected several companies and organizations globally. Though in the past, it shouldn’t be easily forgotten, because almost six months later companies are still feeling the financial strain from such an attack. Most recently, the American pharmaceutical company – Merck & Co. Inc. – revealed just how much of a financial blow it was to their operations.
In a quarterly report, Merck quantified the impact of the cyber attack in their annual revenue report. The financial impact was estimated at around US$135 million and $174 million in additional costs since June. The reason for the lost revenue can be traced back to NotPeyta’s disruption of operations that forced a halt on drug production.
The attack caused the shutdown of the human papilloma virus (HPV) vaccine Gardasil 9 production from the U.S. Centres for Disease Control and Prevention, and it impacted other manufacturing, research and sales for nearly a week. The company developed into a ghost land, where company email was disabled, employees were forbidden from using computers and instructions were sent through text message. Because of the sudden shut down, Merck couldn’t meet quota and deliver the drugs timely.
How NotPeyta Foisted Merck
Just how did a NotPeyta malware attack find its way into Merck’s daily operations? When Merck employees came to work on that June morning, they entered offices with blank computer screens, and they were ultimately asked to “go home.” There’s not much work to be done when systems are infected with malware and continued usage might spread the malware.
We know the devastation of NotPeyta was it’s ransomware, which locked computers from use until a money ransom was paid for the encryption key. Ransomware is becoming increasing popular, and a widely used means of getting behind traditional security infrastructures. Where the root origin of how the ransomware entered Merck’s systems is unknown, based on several past cases, ransomware can be delivered in two major ways, outdated software and a phishing attack.
Don’t Be Outdated
Making sure your systems are current and have the most up-to-date software is one of the easiest ways to ensure that you’re taking preventable measures against ransomware attacks. NotPeyta used an exploit in the Windows 7 operating system. Many times, companies that become affected by such attacks missed an important update in their computer operations. Even waiting one or two months to update the software is opening your company data to loss and ransome. A prime example of this, when Great Britain’s National Health Service was infected due to a failure to update systems before WannaCry.
Let’s solve this. Setting up your operations to have scheduled updates can save the hassle of a malware attack like NotPeyta. Further all your systems should go through a frequent audit process, where not just the software is ready for a potential attack, but the employees are ready to act quickly in the wake of such an attack. Employee training and an active response program should be mandatory in any company wanting to stay on top of cyber security.
Avoiding the Phishing Attack
A phishing attack is one of the most common methods of deploying ransomware. This type of attack exploits human nature, and it’s normal curiosity, vulnerability and non education flaws. This attack happens when an employee is send a malicious link or downloadable file. If the employee doesn’t understand the basics of spotting a phishing email, they can become victim and click on malicious links.
Let’s solve this. Monitoring is one of the easiest and simplest ways to set-up your company to be cyber and malware safe. A monitoring software actively probes the system for anomalies that don’t quite ‘fit into the traditional picture.’ This picture is painted through user analytics and by creating a standard normal profile of daily operations. Once the system deviates from normal – malicious attachments comes through an email from unknown user or employee clicks on a malicious link – management can act quickly to intercept, because they’re alerted to these anomalies in “real time”.
Take Merck’s story as a lesson to be learned. Malware attacks are happening more frequently, and companies need to implement ways to fight such attacks. Where the attack can happen in many ways and through several different deployments, preparing yourself and actively creating a response plan is the first move in the right direction.
TechRepublic sums this case up pretty well stating:
“CISOs should take Merck’s story as a warning, stockpiling cash to deal with the aftereffects of such an attack and patching needed software.”
WannaCry, Now NotPeyta: How to Protect Yourself from a Cyber Outbreak
Equifax Data Breach: Who to Trust and What to Do Now
The Negligent Insider: An Inside Look into Phishing Emails and Prevention
6 Ways to Identify a Phishing Campagin