Earlier this summer, the world learned of two global cyberattacks known as WannaCry and NotPetya. From the beginning, it appeared that both of these attacks were classic examples of ransomware, leveraging cryptocurrencies such as Bitcoin to extort monies from businesses whose only hope of regaining access to their networks, systems and information was to pay the attackers.
In the weeks that followed these attacks and into August of this year, however, more information came to light about both WannaCry and NotPetya, particularly the true costs associated with each.
Typically, when we assess the costs of a ransomware attack, we focus on how much cyberattackers were able to extort from their victims. In the case of these attacks, however, the amount of monies paid was small, relatively speaking. In both attacks combined, the bad guys walked away with roughly $140,000 USD, a pretty small haul considering the scope and effort associated with the attacks. (Source: Bloomberg Technology, “Europe’s Cyber Victims Are Racking Up Hundreds of Millions in Costs,” by Aaron Ricadela, August 3, 2017).
The true costs, however, and one of the reasons these attacks have more accurately been described as pseudo-ransomware attacks, are much higher, and speak not to amounts paid to the attackers, but to lost sales, revenues, factory downtime and associated lost profits incurred as a result of system and network outages.
According to reports, the following companies were hit the hardest by these cyberattacks, suffering millions of dollars in losses:
- “Nivea skin-cream maker Beiersdorf AG said [ ] that Petya cost [$41.5 million] in first-half sales. The company has yet to report the costs of held inventory and halted production in 17 plants. Computers at its Hamburg headquarters and nearly 160 global offices were also knocked off-line.” (Source: Bloomberg Technology).
- “Reckitt Benckiser in the UK was also hit as the company lost £90m ($115 million USD) in sales after the attack. It was reported that the company was manufacturing at “less than full capacity” till July. The attacks wiped out 2000 servers and 15,000 laptops.” (Source: International Business Times, “Wannacry and Petya: Companies hit by the attacks have lost hundreds of millions in costs,” by Immanuel Jotham, August 4, 2017).
- “…Maersk has revealed the financial impact the NotPetya attack had…the total cost for dealing with the outbreak will land somewhere in the $200 to $300 million range. NotPetya-related costs contributed to a $264 million quarterly loss despite revenues rising from $8.7 billion to $9.6 billion year-over-year.” (Source: Forbes, “NotPetya Ransomware Attack Cost Shipping Giant Maersk Over $200 Million,” by Lee Mathews, August 16, 2017).
- “French construction giant Saint-Gobain said the attack led to downtime of IT systems and supply chain disruptions. The NotPetya attack has had a negative impact of €220 million ($258 million) on sales and €65 million ($76 million) on operating income in the first half of 2017. Until the end of the year, total losses are expected to rise to €330 million ($387 million).” (Source: SecurityWeek, “NotPetya Attack Costs Big Companies Millions,” by Eduard Kovacs, August 17, 2017).
In short, the WannaCry and NotPetya cyberattacks were less about cybertheft and more about global business disruption. And experts expect more to come. “Kaspersky Labs’ quarterly report suggests that the trend is likely here to stay for now, as waves of increasingly sophisticated hacks further the veiled aims of shadowy individual actors and governments alike.” (Source: TechCrunch, “More pseudo-ransomware attacks are probably on the way,” by Taylor Hatmaker, August 8, 2017).
As always, be vigilant and invest in preparedness to defend against these types of cyberattacks. Only those leadership teams that are alert and ready will be able to forcefully repel and address the next “wolf in wolf’s clothing” cyberattack.