Merck has hardened its defenses against cyberattacks like the one last year that cost it nearly $1B

A computer keyboard with the word ransomware highlighted in red
A year after the NotPetya cyberattack took down Merck's API manufacturing and other operations, costing it $915 million, it says it is better prepared for future attacks. (Getty/BeBright)

Gone but not forgotten. A year after the NotPetya cyberattack took down the manufacturing and other operations of Merck & Co., the industry continues to feel the impact.

Merck was among companies worldwide that were hit by the June 27, 2017, attack. NotPetya worked by infiltrating Microsoft systems that had not installed a needed security patch. It encrypted a user's data and sent a ransom message in order for users to take back control—although the ransom was actually a spoof, there was no real way for users to retrieve their data. It also had a worm-like capability that allowed it to spread across affected networks

A spokeswoman for Merck, which has never had much to say about the attack, declined to comment Thursday as well, only pointing to SEC filings for information about the impacts of the attack.

Free Daily Newsletter

Like this story? Subscribe to FiercePharma!

Biopharma is a fast-growing world where big ideas come along daily. Our subscribers rely on FiercePharma as their must-read source for the latest news, analysis and data on drugs and the companies that make them. Sign up today to get pharma news and updates delivered to your inbox and read on the go.

Merck was the only pharma company to publicly acknowledge it was hit. And it was hit hard. The attack has so far cost the Kenilworth, New Jersey, company an estimated $915 million, according to its annual report.

RELATED: Merck says it has restored most of its manufacturing hit by cyberattack

It crippled Merck’s in-house API manufacturing and affected its formulation and packaging systems, as well as R&D and other operations. The company said the attack had a $260 million impact on sales, $330 million impact on marketing and administrative expenses and production costs, and a $200 million impact on 2018 sales through residual backlog. Most operations were restored within six months.

On top of that had production of one of its best-selling products affected even as demand was growing. That forced Merck to borrow $240 million worth of Gardasil doses from the CDC's stockpile due to the "temporary production shutdown resulting from the cyberattack, as well as overall higher demand than originally planned."

Merck has said that it cost $125 million through a reduction in sales because of its inability to meet demand for Gardasil 9.

RELATED: Hack forces Merck to borrow Gardasil doses from CDC stockpile, slamming Q3 sales

Investigations by the U.S. and the U.K. governments found that the Russian military, targeting Ukraine, was behind the attack, which then spread to other systems. Ukraine has recently reported that it uncovered indications that hackers are preparing another attack, perhaps targeting other threat vectors into computer systems.

But Merck said it is prepared this time. In its filings, it said it has taken measures to guard against similar attacks in the future, “but also to improve the speed of the company’s recovery from such attacks and enable continued business operations to the greatest extent possible during any recovery period.”

Read more on