[BreachExchange] Ransomware incident to cost Danish company a whopping $95 million

[Destry Winant]

https://www.zdnet.com/article/ransomware-incident-to-cost-danish-company-a-whopping-95-million/

Demant, one of the world's largest manufacturers of hearing aids,
expects to incur losses of up to $95 million following what appears to
be a ransomware infection that hit the company at the start of the
month.

This marks one of the most significant losses caused by a
cyber-security incident outside of the NotPetya ransomware outbreak --
known to have incurred companies like shipping giant Maersk and
courier service FedEx losses of over $300 million, each.

Demant's losses also outweigh the damage caused by a ransomware
incident at aluminum producer Norsk Hydro, initially estimated at $40
million, but which is now expected to reach $70 million.

DEMANT SECURITY INCIDENT

Demant's troubles began at the start of the month, on September 3,
when in a short statement on its website, the company said it was
shutting down its entire internal IT infrastructure following what it
initially described as "a critical incident."

What really happened on the company's network, we'll never know, as
Demant never revealed anything except that its "IT infrastructure was
hit by cyber-crime."

Reports in Danish media[1, 2] pegged the incident as a ransomware
attack, and it sure did look like one from the outside.

Per its own statements, all the company's infrastructure was impacted
-- and impacted severely.

This included the company's ERP system, production and distribution
facilities in Poland, production and service sites in Mexico, cochlear
implants production sites in France, amplifier production site in
Denmark, and its entire Asia-Pacific network.

Companies usually recover after data breaches within days; however,
Demant took weeks, is still recovering assets today, and expects to
take two more weeks to recover in full. This pattern of destruction
that takes months to recover from is usually encountered during
ransomware infections only.

INCIDENT HAS LONG-LASTING EFFECTS ON DEMANT'S BUSINESS

But while the company's staff have been recovering IT infrastructure,
the biggest losses came from the impact of not having access to these
systems in the first place.

The company reported "delays in the supply of products as well as an
impact on our ability to receive orders."

Furthermore, "in our hearing aid retail business, many clinics across
our network have not been able to service end-users in a regular
fashion."

These business upheavals have been a disaster for the company's bottom
line. In a message to its investors, Demant said it expects to lose
somewhere between $80 million and $95 million.

The sum would have been higher, but the company expects to cash in a
$14.6 million cyber insurance policy.

Most of the losses have come from lost sales and the company not being
able to fulfill orders. The actual cost of recovering and rebuilding
its IT infrastructure were only around $7.3 million, a small sum
compared to the grand total.

"Approximately half of the estimated lost sales relates to our hearing
aid wholesale business. The incident has prevented us from executing
our ambitious growth activities in some of the most important months
of the year - particularly in the US, which is our biggest market,"
Demant said in a press release last week.

"A little less than half of the estimated lost sales relates to our
retail business where a significant number of clinics have been unable
to service end-users in a regular fashion. We estimate that our retail
business will see the biggest impact in Australia, the US and Canada
followed by the UK. The vast majority of our clinics are now fully
operational, however, due to the effect of the incident on our ability
to generate new appointments during September, we expect some lost
sales in the next one or two months, which is also included in the
current estimate.

"Our remaining business activities, Hearing Implants, Diagnostics and
Personal Communication, have also been impacted by the incident, but
with a relatively smaller overall Group impact due to the nature and
size of these businesses," it added.

The company expects the incident to have a long-lasting effect on its
bottom line, proving again why businesses can't ignore their
cyber-security posture anymore.

Demant is not the only major company to suffer a major cyber-security
infection in the past year. Past incidents mostly include ransomware
incidents, such as those at defence contractor Rheinmetall, airplane
parts manufacturer Asco, aluminum provider Norsk Hydro, cyber-security
firm Verint, the UK Police Federation, utility vehicles manufacturer
Aebi Schmidt, Arizona Beverages, engineering firm Altran, the
Cleveland international airport, and chemicals producers Hexion and
Momentive.