US pharmaceutics giant Merck was severely affected by the NotPetya ransomware outbreak that took place at the end of June, and the company is still struggling to restore all systems and resume normal operations, according to an 8-K report filed with the US Securities and Exchange Commission (SEC).

Filed last Friday, the report reveals that the NotPetya ransomware has had a severe impact on Merck's global operations, affecting the company's manufacturing, research, and sales operations.

The company is in the process of restoring its manufacturing operations. To date, Merck has largely restored its packaging operations and has partially restored its formulation operations. The company is in the process of restoring its Active Pharmaceutical Ingredient operations but is not yet producing bulk product. The company’s external manufacturing was not impacted.

Despite the events, Merck says it continued to fulfill orders and ship product, most likely from previous stocks. Merck also says that it will continue to ship key products such as KEYTRUDA, JANUVIA, and ZEPATIER, critical drugs for various illnesses.

Merck says financial outcome was affected

As an outcome of this month-long downtime to production capabilities, the company has reduced its yearly estimated EPS (earnings per share). Despite the gloomy announcement, Merck stock hardly took a hit on Friday or over the weekend, remaining at a steady level.

Merck is only one of the many companies that were affected by the NotPetya ransomware. This malware was spread via a tainted software update from the servers of MEDoc, a Ukrainian company that makes accounting software.

The booby-trapped MEDoc update was spread to Ukrainian businesses and helped install the NotPetya ransomware on their PCs. Most victims were Ukrainian companies.

NotPetya affected other major companies

NotPetya also included a self-spreading component that infected computers on the same local networks. In the case of multinational companies, it was this component that spread NotPetya to other offices in other countries.

This is how international companies got infected with a threat designed to target only Ukrainian businesses. Documented victims include Danish container transportation giant Maersk; Spanish food conglomerate Mondelez and law firm giant DLA Piper; UK marketing firm WPP; French construction materials manufacturer Saint-Gobain; and Russian oil giant Rosneft.

A Cyberscoop article details how NotPetya affected Merck's operation on a day-to-day basis, four days after the initial infections. Initially, staff were asked to not turn on their computers and tablets, and later were allowed to access the company's email server only via a webmail client. The company also asked sales reps to go into a Low-Fi mode, only allowing employees to use phones to get in contact with customers.

Besides Merck, NotPetya also caused major damages at another US company. Two weeks ago, FedEx said the NotPetya outbreak produced permanent damages to some of its international courier delivery systems.

Related Articles:

The Week in Ransomware - October 12th 2018 - NotPetya, GandCrab, and More

Company Pretends to Decrypt Ransomware But Just Pays Ransom

The Week in Ransomware - December 7th 2018 - WeChat Ransomware, Scammers, & More

Ransomware Infects 100K PCs in China, Demands WeChat Payment

Chinese Police Arrest Dev Behind UNNAMED1989 WeChat Ransomware