At Mondelez International, a giant maker of snacks, thousands of servers and computers were rendered useless and production lines at some factories ground to a halt. The company said on Thursday that shipping and invoicing had been disrupted during the last four days of the most recent financial quarter, but that a “critical majority” of its systems were back up and running. Hospitals across the United States have not been able to create electronic records for more than a week after the software maker Nuance Communications experienced significant problems with its computers. On Thursday, it was not clear when all of the company’s systems would be working properly.
Reckitt Benckiser, which makes Lysol spray, lowered its sales forecasts on Thursday, citing disruptions to its supply chain. And at DLA Piper, a global law firm, employees said it might be a while before all systems returned to normal.
“We are working with leading industry professionals to bring these back in a graduated way when we are satisfied that appropriate safeguards are in place to bring them online securely,” John Lovallo, a DLA Piper spokesman, said in a statement.
Investigators were still sorting through the digital crumbs left behind after last week’s crippling cyberattacks, known as NotPetya or Nyetya. Early signs pointed toward Russia, although it was unclear who in particular may have been responsible.
The attacks initially targeted government agencies, banks and companies in Ukraine. About 2,000 organizations there were hit on the eve of Constitution Day, a Ukrainian national holiday commemorating the country’s first constitution after breaking away from the Soviet Union. And the initial infection point was accounting software used primarily by businesses and government agencies in Ukraine.
But collateral damage from the attack took down computers across the world, including major multinational companies that do business with Ukraine.
“There’s more to this story than what’s been told,” said Jaime Blasco, the vice president and chief scientist at AlienVault, a cybersecurity company that has been conducting a forensic investigation of the intrusion. “Based on our analysis, this attack was really, really bad. Companies that weren’t using best security practices were wiped out.”
At Mondelez, which makes products including Oreo cookies, Ritz Crackers and Trident gum, it took less than 20 minutes for hackers to destroy data on thousands of servers, and to cause the company’s production facilities around the globe — including a Cadbury chocolate factory in the far reaches of Tasmania — to shut down.
As many as 30,000 Mondelez employees had their digital data wiped, many without adequate backups, according to two people briefed on the impact who were not allowed to discuss it publicly.
In a statement, Mondelez said it believed that it had contained the issue and that a “critical majority of the affected systems are up and running again.” The company said that it expected to incur one-time costs from the attack in its second and third quarters, but it reaffirmed its revenue outlook of “at least 1 percent growth.”
That was not the case at Reckitt Benckiser, a British maker of consumer goods. On Thursday, the company was forced to trim its sales forecast for the year — from 3 percent growth down to 2 percent — as a result of NotPetya’s impact on its manufacturing and distribution. Based on last year’s revenue, that would amount to about $130 million.
NATO officials last week questioned whether the attack would cause the alliance’s mutual defense clause, Article 5 of the North Atlantic Treaty, to be invoked. Jens Stoltenberg, the NATO secretary general, told reporters that members agreed last year that such attacks could have that effect and pledged to help Ukraine bolster its cybersecurity defenses.
Officials in Britain took a harder line. Michael Fallon, the British defense secretary, said the country would consider retaliating against cyberattacks with military force.
In the United States, Thomas Bossert, the homeland security and counterterrorism adviser, said if the culprit was the Russian government or hackers working on its behalf, it was a foolish effort, because companies there — most notably Rosneft, the government-owned oil company — were also hit.
Like the WannaCry attacks that spread around the world in May, the attackers behind the episode last week used hacking tools that exploited vulnerabilities in Microsoft software. Some of the tools were stolen from the National Security Agency, and a group called the Shadow Brokers made them public in April.
Although the security agency has never acknowledged that its hacking tools were stolen — let alone used in the two major attacks — many security experts worry that there are other agency tools ready to be used by hackers. And they are calling on the N.S.A. to help the rest of the world defend against them.
Brad Smith, the president of Microsoft, called on the agency to “consider the damage to civilians that comes from hoarding these vulnerabilities and the use of these exploits.”
