Danish hearing aid manufacturer Demant has revealed that a suspected ransomware attack on its systems in September could cost the company over $95 million.
The company experienced a 'critical incident' on September 3, but refuses to elaborate on the nature of the attack. Some researchers have speculated there are many indicators that it could be a ransomware attack that hit the firm causing a critical crash in the IT Infrastructure.
Demant has confirmed they had backed up data, but the scale of the attack looks to have had a major impact on its recovery efforts.
The firm claims that their immediate response was to shut down all IT systems across all sites and business units to contain and limit the issue, but key business processes were heavily impacted by this incident, including research and development, production, and distribution.
Demant claimed, "We continue ramping up to accommodate the backlog built up since the incident, to rebuild necessary inventories across the supply chain and to reduce turnaround times of repair and custom-made hearing aids. We are still in the recovery and ramp-up phase at our amplifier production site in Denmark and at our cochlear implants production site in France.”
Experts estimate that outages will cost the firm somewhere in the region of DKK 550-650m ($80-95m), which includes a DKK 100 ($15m) deduction from the company's cyber insurance policy.
Demant estimates DKK 50M ($7m) in direct losses from this incident. The company's wholesale business was particularly negatively impacted, accounting for over half of estimated losses in sales.
Demant added, "The incident has prevented us from executing our ambitious growth activities in some of the most important months of the year – particularly in the US, which is our biggest market."
The company claims that the main priority was to focus on existing customers and prevent them from being impacted in any way by this security incident. This focus is said to have a significant impact on their sales and will more than likely negatively impact their organic growth rate throughout the rest of 2019.
This incident should serve as yet another cautionary tale for organizations unprepared to deal with a ransomware attack. The number of attacks continues to spread across the globe and organizations must have defenses in place to minimize the potential damage. Just yesterday in the United States the Senate passed a new law that would require the federal government to provide more support for organizations hit by ransomware called the DHS Cyber Hunt and Incident Response Teams Act.
To defend against these attacks, NNT suggests requesting a customized ransomware mitigation kit comprised of all the necessary automated vulnerability checks and group policy templates to automatically fix any weaknesses in your systems.