epa06053501 Chocolate bars of the Australian company Cadbury, production of which has been reportedly temporarily halted at the Hobart factory of Cadbury due to a ransomware attack, in Launceston, Tasmania, Australia, 28 June 2017. Kaspersky Lab reported that the malware, despite resembling 'Petya' malware that affected computers last year, is believed to be a new type of ransomware, which the cybersecurity company called 'ExPetr'. The ransomware has reportedly affected mostly Ukraine and Russia and several cases were also found in Poland, Italy, Britain, Germany, France, the US and several other countries, with around 2,000 cases reported so far. The ransomware has reportedly affected US pharmaceutical giant Merck, Russia's oil producer Rosneft, Ukrainian central bank, Spanish food company Mondelez, who owns Cadbury chocolate factory and French shipping company TNT, among other global companies.  EPA/BARBARA WALTON

Two of the world’s largest consumer goods companies warned on Thursday their revenues had been hit by last month’s global cyber attack, the first sign the malware had a larger financial impact on multinationals than previously disclosed.

Mondelez International, maker of Oreo cookies and Cadbury chocolates, estimated the attack would shave three percentage points from second-quarter sales growth because of disruptions to shipping and invoices. The US company’s net revenues were $6.4bn in the first quarter.

Its announcement came a few hours after UK-based Reckitt Benckiser, maker of Nurofen painkillers, Durex condoms and Vanish stain remover, said it expected sales would be hit by an estimated £110m this year. It projecting a second quarter like-for-like sales drop of 2 per cent, cutting annual revenue growth by a full percentage point.

Reckitt cautioned that this was not a final estimate since it had not yet recovered fully from the attack.

Mondelez also said it expected to incur “incremental one-time costs” in the second and third quarters, but maintained its guidance of “at least one per cent” organic revenue growth for the year.

Despite its more limited global spread than the WannaCry cyber attack in May, the impact of the “Petya” malware on organisations it has infected is proving to be far more severe. 

Cyber security experts dealing with the attack, which started in Ukraine, have advised stricken clients there is no hope of recovering infected systems. Unless organisations have backups of encrypted data, it is lost for good, they have warned.

Western security officials say the severity of Petya’s impact points to its true purpose: not monetary gain, but pure destruction. Researchers at many of the world’s largest cyber security firms — including FireEye, Talos, ESET, Symantec and Bitdefender — have come to the same conclusion.

“We believe with high confidence that the intent of the actor behind [Petya] was destructive in nature and not economically motivated,” Talos, the cyber security arm of Cisco told clients this week. 

Other big companies hit have also struggled to get their systems back online more than a week after the initial attack. 

AP Moller-Maersk, the world’s largest shipping company, said cargo remains stuck at its ports in Sudan, Benin, Syria, Colombia and Lebanon because of debilitated computer systems. Fifteen ports are still experiencing problems, with one terminal totally unable to dock or unload ships. 

At DLA Piper, one of the world’s biggest law firms, employees’ access to emails and documents continue to be severely curtailed in what insiders have called a “disaster”. WPP, the advertising agency owner, and package delivery group TNT, a unit of FedEx, also said they are not back to normal.

“The force of this virus was very significant. All the affected companies that we’ve been in touch with, are still impacted,” said Rakesh Kapoor, Reckitt chief executive. “We are dealing with something unknown to the world. No one had a solution.”

Once Petya has infected a computer, it modifies the machine’s master boot record — a process that would be hard for a criminal blackmailer to wind back. According to Symantec, subsequent encryption of files by Petya also appears to be irreversible. 

Western intelligence points towards the Russian government as the culprit for the attack. But disclosable intelligence to back up such claims is still fragmentary, and accusing the Kremlin openly — as US president Donald Trump prepares to meet Vladimir Putin for the first time at the G20 summit — would also be a step fraught with political sensitivities. 

Reckitt said Petya disrupted its ability to manufacture and distribute its products to customers in many of the 60 countries in which it operates. “We were unable to ship and invoice some orders to customers before the close of the quarter. Some of our factories are currently still not operating normally but plans are in place to return to full operation,” the company said.

Though it expected some recovery in its third quarter, Reckitt said the infection would limit full year sales growth to 2 per cent, instead of 3 per cent.

That equates to a drop of £112m in annual revenues, according to downgraded estimates from Investec. Eddy Hargreaves, analyst said he now expected Reckitt to report revenues this year of £11.95bn, down from its previous forecast of £12.1bn.

Mondelez said it was “still assessing the full financial impact of this event” but was “making good progress” in restoring its systems.

Reckitt shares fell by 1.5 per cent to £75.83. Mondelez shares dropped 1.2 per cent to $42.55 in after-hours trading. 

Additional reporting by Anna Nicolaou, Aliya Ram and Barney Thompson

Get alerts on Cyber Security when a new story is published

Copyright The Financial Times Limited 2020. All rights reserved.
Reuse this content (opens in new window)

Commenting on this article is temporarily unavailable while we migrate to our new comments system.

Note that this only affects articles published before 28th October 2019.

Follow the topics in this article