In 2017, the NotPetya malware was wreaking havoc around the world. Though it likely began as a state-sponsored Russian cyberattack targeting Ukraine, its ramifications quickly spread far and wide, including to multinational corporations like Chicago-based confectionary, food, holding, beverage and snack company Mondelez International.
The food and beverage giant, known around the world for brands like Cadbury, Chips Ahoy, Honey Maid, Oreo, Ritz and Philadelphia Cream Cheese, was hit hard by the encrypting malware. Company laptops froze, employees lost access to email and files, and logistics software used to orchestrate deliveries crashed. Even with the company working around the clock to rectify the damage, it took weeks for Mondelez to fully recover, and the financial hit was more than $100 million. The attack permanently damaged 1,700 servers and 24,000 laptops, impacting production facilities around the globe.
“On June 27, 2017, a global malware incident impacted the company’s business,” said Mondelez in its second-quarter earnings announcement. “The malware affected a significant portion of the company’s global Windows-based applications and its sales, distribution and financial networks across the company. During the last four days of the second quarter and early third quarter, the company executed business continuity and contingency plans to contain the impact and minimize the damages from the malware and restore its systems. This allowed the company to service customer needs and continue sales and production at a reduced capacity while progressing recovery activities. Based on the nature of the malware and its impact to the company’s technology, the company did not expect nor to date has it found any instances of company or personal data released externally.”
The NotPetya malware took its name from an earlier ransomware called Petya, with which it shared many similarities. Both impacted Windows-based systems and aimed to encrypt the hard drives of infected computers. But while Petya was ransomware that demanded a Bitcoin payment from its victims, NotPetya is widely viewed as a weapon of Russian cyberwarfare. It spread much easier and was more damaging, with the ability to destroy computers and machines around the globe.
While NotPetya certainly hurt its intended target, Ukraine, it spread quickly to multinational companies like shipping giant Maersk, pharmaceutical company Merck, delivery company FedEx and Russian oil company Rosneft, according to a deep dive published by WIRED. In the piece, former Homeland Security Adviser Tom Bossert confirmed the attack caused more than $10 billion in total damages.
According to Mondelez, the attack included the theft of thousands of user credentials and impacted the company’s ability to complete customer orders. As of Aug. 2, 2017, company officials said operations were still not “back to normal.”
“Over the past four weeks, we’ve worked tirelessly to restore our systems and recover from the disruption,” said Brian T. Gladden, chief financial officer and executive vice-president. “Although we’ve now restored the majority of our affected systems, in a few cases, parts of our supply chain have still not fully recovered, and we anticipate some impacts in our third quarter. We’ll also incur some additional one-time costs related to the incident during the second half.
“In terms of our results, the malware incident had a negative impact of approximately 240 basis points to organic net revenue or about $140 million.”
The NotPetya malware incident at Mondelez also had a significant impact on the insurance industry. Mondelez provider Zurich Insurance denied the company’s claim for damages caused by the cyberattack, citing a rarely used war exemption. According to Zurich, Mondelez was collateral damage in the cyberwar between Russia and Ukraine, setting a precedent other insurers have been using ever since.
Throwback Attack: Hackers steal 1 TB of data from beverage giant Brown-Forman
Throwback Attack: A Florida teen hacks the Department of Defense and NASA