Petya ransomware: Companies count the cost of massive cyber attack

Reckitt Benckiser -- known for Dettol cleaning products, Nurofen tablets, Durex condoms and more -- has warned that falling victim to the Petya ransomware attack could cost it as much as £100m in lost revenue.

The health and consumer goods company fell victim to Petya on the day of the global ransomware attack, and a week later some key applications remain only partially operational and a number of facilities are still not fully operational.

While the attack was successfully contained, efforts to minimise its impact have disrupted manufacturing and ordering systems, impacting on the Reckitt Benckiser's ability to ship products, which the company predicts will cause a two percent drop in net revenue growth -- a figure which could work out to be around £100m.

However, the company believes it is making "good progress" in getting applications and systems back on track and will soon be "trading normally" with customers and partners.

"We believe this issue has now been materially contained, and we continue to work with our IT partners to resolve remaining outstanding items" Reckitt Benckiser said in a statement.

"The attack did disrupt the company's ability to manufacture and distribute products to customers in multiple markets across the RB Group. Consequently, we were unable to ship and invoice some orders to customers prior to the close of the quarter," it added.

The company says it is still assessing the full financial impact of events and hopes to catch up on some of the lost revenue during the next quarter, but that "continued production difficulties in some factories mean that we also expect to lose some further revenue permanently".

See also: Create a single file to protect yourself from the latest ransomware attack|Ransomware: An executive guide to one of the biggest menaces on the web

Despite the Petya outbreak appearing to mainly target Ukraine, organisations around the world found themselves victim to this cyberattack.

One of the first high-profile victims outside of Eastern Europe was Danish transport and energy firm Maersk which shut down IT systems at multiple sites due to the attack. However, the company is now once again operating normally.

"Thank you for your patience and support in light of the recent cyber attack. We are pleased to report that our operations are now running close to normal again," Maersk said in a statement.

Other organisations are still dealing with the outbreak of the Petya epidemic. FedEx's delivery subsidiary TNT Express was hit by the global cyberattack and as of 6 July is still working to return systems to normal.

"Like many other companies worldwide, we are experiencing interference with some of our systems within the TNT network," said a company statement.

"We are implementing remediation steps as quickly as possible to support customers who experience limited interruption in pick-up and delivery operations and tracking systems access," it added.

Very few Petya victims paid the cyberattackers the ransom -- and those who did appear to have done so for no reason as the cyberattack doesn't appear to even allow the hackers to recover lost data.

Some have even speculated that the ransomware note was just a cover for the real goal of the virus -- to cause mayhem by irrecoverably wipe data from infected machines.

While the identity of the attackers remains a mystery, Ukraine's interior ministry has said a second cyberattack has been prevented by confiscating the computers and servers of local software firm MeDoc.

It's thought that an update for the firm's tax and accounting software was 'contaminated' by attackers and allowed the Petya outbreak to occur.

READ MORE ON CYBERCRIME

• WannaCry: Why this ransomware just won't die
• Six quick facts to know about the Petya global ransomware attack
• After WannaCry, ransomware will get worse before it gets better
• Hackers behind stolen NSA tool for WannaCry: More leaks coming [CNET]
• Don't be the weak link that brings us all down: Keep your OS patched and up to date[TechRepublic]