A Look Back at The 2017 NotPetya Attack On Pharma Giant Merck


Reminiscing on the infamous NotPetya cyberattack on June 27, 2017.

Next month will mark the fifth anniversary of one of the most devastating cyberattacks in history, which cost pharmaceutical giant Merck over $850 million worth of damage and disrupted the production of its HPV vaccine. The NotPetya cyberattack, which took place on June 27, 2017, also caused Merck to lose over $400 million in potential sales. Besides Merck, thousands of companies worldwide were affected by the cyberattack. Investigations following the incident found that NotPetya, a variant of the encrypting malware family Petya, infiltrated Microsoft systems that did not have a particular security patch.


Gone But Never Forgotten

In Merck’s case, the malware spread like wildfire, compromising around 30,000 computers across the pharmaceutical company’s manufacturing, research, and sales units. Making matters worse, Merck’s insurers, Ace American, denied coverage for the cyberattack’s effects on the company’s networks, and Merck retaliated in 2018 by suing the Philadelphia-based insurance company. In January 2022, Merck won the $1.4 billion legal dispute against Ace American after a New Jersey court ruled in favor of the pharmaceutical giant.

This recent ruling is critical for Merck as the company continues to rebuild, but it also reminds us of the increasing threat of cybercrime. In fact, by 2025, cybercrime is forecast to cost companies worldwide $10 trillion as malware becomes more advanced and personalized, allowing hackers to carry out extreme cyberattacks in real time. As a result, cybersecurity should be at the forefront of everyone’s minds, from regular people to top executives at large-cap companies like Samsung and Nvidia, which both experienced data breaches at the start of the year. But how do we learn from society’s past mistakes and prevent further ones from occurring?


Protect Yourself When No One Else Will

How companies choose to protect their computer networks from cybercriminals is out of your control. All you can do is trust the process, but that doesn’t mean you can’t take at least a few matters into your own hands. Sometimes, implementing good cybersecurity practices comes down to simple things like improving the strength of your passwords and making sure you use a different one for each account. You would be surprised by how many people don’t do this. According to ExpressVPN’s global password survey, the average person uses the same password for six accounts and/or websites. What’s more, the majority of these same passwords use easily retrievable personal details like someone’s date of birth, first name and last name, and even their social security number.

Downloading anti-malware software and keeping your computer’s security measures up to date are also good cybersecurity practices. After all, part of the reason the NotPetya cyberattack happened in 2017 was that affected Microsoft systems had not been updated with a necessary security patch. Educating yourself on cybercrime is just as important as taking physical action. For example, if you don’t know the difference between viruses and ransomware, how can you be sure what you’re seeing? Likewise, you have to know what Trojan horses are to recognize this malware’s different forms. According to this Access Systems article, the most common form of Trojan malware is “backdoor” Trojans.

The fifth anniversary of the NotPetya cyberattack will not pass silently. Affected companies like Merck are still recovering, but sometimes, the world has to be reminded of these devastations so that we take the appropriate measures to ensure something like the 2017 attack never happens again.