Merck & Co. Becomes Victim of Massive Ransomware Cyber Attack

June 28, 2017
By Mark Terry, Breaking News Staff

Merck & Co. was one of the victims of a worldwide ransomware cyberattack yesterday.

Believed to be part of the “Petya” cyberattack, it began in Ukraine and hit major companies in Spain, India and the UK, as well as the U.S. The extent of the Merck attack isn’t clear yet.

Merck staffers arrived at work on Tuesday morning to discover a ransomware note on their computers. One scientist who works at a Merck lab in New England told The Washington Post, “Some people looked like they had their hardware wiped—it just shut down the whole network site.” Employees were told to leave their computers and go home.

In a Twitter statement, Merck said, “We confirm our company’s computer network was compromised today as part of global hack. Other organizations have also been affected. We are investigating the matter and will provide additional information as we learn more.”

The ransomware encrypts files and file systems on computers, and the criminals behind it then demand a ransom to decrypt the information. This particular attack is being dubbed “Petya” and apparently began in Ukraine before spreading around the world within 24 hours. DLA Piper, a multinational law firm with an office in Washington, DC, was also hit by the attack.

The attack appears similar to “Petya” or “Petrwrap” and “WannaCry,” cybersecurity experts have indicated.

“The emergence of Petya and WannaCry really points out the need for a response plan and a policy on what companies are going to do about ransomware,” Mark Graff, chief executive of cybersecurity firm Tellagraff, told The Washington Post. “You won’t want to make the decision at a time of panic, in a cloud of emotion.”

According to Fortune, in this case the ransom was for $300 in Bitcoin. Although seemingly minor, if it affected literally thousands of companies, it could in aggregate be quite staggering.

Graff notes that there are no guarantees that if a company paid the ransom they would receive the decryption key. “Even if you are paying the ransom, you are dealing with crooks,” he told The Post. “Plus the ethical quandary: Every time somebody pays, it gives the criminals more reason to go off and hurt more people.”

The unnamed Merck employee told The Post, “Without computers these days you can’t do anything. There’s not much you can do without access. It’s one thing to have our laptop be corrupted. We’re really hoping that all the data [in the central servers] is protected. But we don’t know that.”

Other companies affected worldwide by the attack included Danish shipping firm Maersk and food company Mondelez, as well as French construction materials company Saint-Gobain.

Reportedly, Heritage Valley Health System, a two-hospital center in Western Pennsylvania, was hit as well. A spokeswoman for the health center told The Inquirer that “Operational adjustments to ensure safe patient care continues unimpeded.”

The attacks are reported to be worse in Ukraine, where the ransomware struck government ministries, banks, utilities, and companies. It even attacked systems that monitor radiation at the former Chernobyl nuclear power plant. The Inquirer writes, “The hack’s scale and the use of ransomware recalled the massive May cyberattack in which hackers likely linked to North Korea disabled computers in more than 150 nations using a flaw that was once incorporated by the National Security Agency’s surveillance tool kit. The attack used the vulnerability called WannaCry to install ransomware.”

Merck, in an internal communication early on Tuesday, told employees to disconnect their computers from the network, to disconnect all mobile devices, and not to interact with the press or post messages on social media. At 2 p.m. Merck sent an email to employees, “Until further notice, do not access the company network from your home or office. Use your mobile phone on cellular networks only, meaning do not connect your phone via Merck MSD WiFi.”
