The Danish hearing aid manufacturer Demant has quickly piled up a £78 million bill associated with a cyber-incident that struck the company in early September.
In a 26 September financial statement, the company revealed how the cyber-incident that began on 3 September has impacted the company’s financial situation. Demant executives credited the quick action taken by the firm’s IT department in shutting down its network for containing the attack and limiting damage. Additionally, the fact the data was backed up is enabling the company to recover.
Demant has not stated what type of attack took place, but did note it was a victim of a cyber-crime.
The recovery is expected to take another two-to-three weeks. Demant will focus its efforts on rebuilding inventory levels, which were depleted when it was forced to shut down production in the aftermath of the attack.
"Our current preliminary assessment indicates a total negative financial impact on EBIT in 2019 in the range of DKK 550-650 million [$80 million to $95 million], which includes the deduction of an expected insurance coverage of approx. DKK 100 million. This impact is predominately related to the estimated lost sales and weakening of growth momentum. Included in the financial impact, we expect to incur costs of DKK 50 million directly related to the incident," the company said.
Demant’s losses, to date, are not as extreme as those suffered by shipping giant Maersk, which lost about $300 million, as did FedEx.
In an email to SC Media UK Jérôme Robert, CMO at Alsid, commented: "Hot on the heels of Norsk Hydro, the NHS and 22 towns and cities in Texas, Demant is the latest high-profile victim to suffer huge financial losses as the result of a ransomware attack. The company itself has cited US$ 95 million of expected costs, but Denmark's Data Protection Agency will rule on any possible punishment for the firm under the GDPR, and the reputational damage from this incident will be long-lasting and hard to quantify.
"The most likely way to navigate a large company such as Demant to extract information or corrupt a whole system is via lateral movement across endpoints and accounts using the Active Directory.
"Hacking into the Active Directory can take less than 20 minutes, and in Demant’s case a state-sponsored attacker is suspected – and hacking the Active Directory is an easy task for such a sophisticated attacker. Some hackers will go so far as to lay dormant within a system for several months, or even years to gain intel and use it to achieve maximum impact at the most opportune time. Imagine a parasite living inside your body, camping out undetected and becoming stronger all the time. When your body is at its weakest, it attacks, delivering maximum (potentially fatal) damage. If you felt you might have a worm, you'd go to the doctor. IT security is a similar proposition. Facing such high risks, you should assume you have a worm in your system already and take precautions."
The original version of this article was published on SC Media US.