Information Security News mailing list archives

Merck Cyberattack's $1.3 Billion Question: Was It an Act of War?


From: InfoSec News <alerts () infosecnews org>
Date: Thu, 5 Dec 2019 08:20:21 +0000 (UTC)

https://www.bloomberg.com/news/features/2019-12-03/merck-cyberattack-s-1-3-billion-question-was-it-an-act-of-war

By David Voreacos, Katherine Chiglinsky, and Riley Griffin
Bloomberg Markets
December 2, 2019

By the time Deb Dellapena arrived for work at Merck & Co.’s 90-acre campus north
of Philadelphia, there was a handwritten sign on the door: The computers are
down.

It was worse than it seemed. Some employees who were already at their desks at
Merck offices across the U.S. were greeted by an even more unsettling message
when they turned on their PCs. A pink font glowed with a warning: “Ooops, your
important files are encrypted. … We guarantee that you can recover all your
files safely and easily. All you need to do is submit the payment …” The cost
was $300 in Bitcoin per computer.

The ransom demand was a ruse. It was designed to make the software locking up
many of Merck’s computers—eventually dubbed NotPetya—look like the handiwork of
ordinary criminals. In fact, according to Western intelligence agencies,
NotPetya was the creation of the GRU, Russia’s military intelligence agency—the
same one that had hacked the Democratic National Committee the previous year.

“For two weeks, there was nothing being done. Merck is huge. It seemed crazy
that something like this could happen”

NotPetya’s impact on Merck that day—June 27, 2017—and for weeks afterward was
devastating. Dellapena, a temporary employee, couldn’t dig into her
fact-checking work. Interns and temps bided their time at their desks before
some of them were sent home a week later. Some employees gossiped, their screens
dark. Others watched videos on their phones.

[...]