The Real Story of True Arrogance & Stupidly .Real Great Idea to Fire all IT people & Outsource to eastern.
Merck missed two critical opportunities earlier this year to inoculate themselves from the vicious cyberattack they suffered this week, roiling operations and raising questions about their lack of preparation to defend themselves.
The June 27 “Petya/NotPetya” cyberattack
hit the multinational Merck and several other companies, such as the law firm DLA Piper, shipping giant Maersk, and even a West Virginia hospital, which was
forced to scrap its electronic medical records in favor of paper.
The core technology in Petya is called ETERNALBLUE and it was developed by American spy agencies, the
Washington Post previously reported. Obviously, it was never intended for wide distribution. It relied on bugs in Windows that Microsoft presumably wasn’t aware of until earlier this year, when a group of still-unknown hackers calling themselves ShadowBrokers allegedly broke into the US NSA and demanded
payment in exchange not releasing the ultra-secret exploits.
The stolen tools were eventually dumped on the internet.
In March, Microsoft quickly
issued a critical bulletin advising IT administrators of the precise steps needed to patch their systems to prevent hackers — ranging from the state-sponsored to lone-wolves — in using the ETERNALBLUE technology to gain unauthorized access to their networks. Experts recommend
critical bulletins be installed immediately, versus merely
recommended ones, which large companies sometimes test out before deploying to a large network.
Then in May, the first global attack based on this exploit, dubbed WannaCry, spread widely, notably shutting down sixteen hospitals in the UK.
Microsoft issued yet
another patch in the aftermath, and along with the most prominent security firms worldwide, began pleading with companies to immediately employ these crucial patches to prevent unauthorized access to private networks.
So after continuous warnings from Microsoft starting in March, with two critical software updates, and a global cyberattack in May which showed the potential impacts on the healthcare industry, Merck still neglected to update their systems.
Repeated attempts to contact Merck have been unsuccessful.