WPP is aiming to resume normal operations following yesterday’s (27 June) widespread cyber attack which ground several of its businesses to a halt.
WPP-owned agencies including GroupM, MediaCom, Maxus, JWT and Y&R saw their computer systems, phones and e-mail affected by the ransomware attack which locked out computers with a message saying the user's files had been encrypted and would only be free once they paid 300 in bitcoin.
An example of the “Petya” ransomware used in the attack, similar to the WannaCry ransomware that hit thousands of computers around the world last month.
Following news of the digital breach WPP sent an email to its agencies, seen by The Drum, which instructed them to immediately turn off and disconnect all Windows servers, PCs and laptops until further notice.
In a statement released today, WPP said that not all its companies were subject to the hack.
“On Tuesday 27 June a number of WPP companies – though not all – were affected by the ransomware attack that hit organisations around the world,” the statement said.
It continued: “We are working with our IT partners and law enforcement agencies to take all appropriate precautionary measures, restore services where they have been disrupted, and keep the impact on clients, partners and our people to a minimum. Having taken steps to contain the attack, the priority now is to return to normal operations as soon as possible while protecting our systems.
“Our operations have not been uniformly affected, and issues are being addressed on a company-by-company basis. Many of our businesses are experiencing no or minimal disruption.”
WPP maintained many of its companies were no longer experiencing any disruption, however Maxus Scotland sent a tweet suggesting that its emails were still not working.
— Maxus Scotland (@MaxusScotland) June 28, 2017
According to a hacker who spoke to The Drum, it is unlikely that WPP was targeted directly in the attack and the array of those affected, such as banks and government offices, gives weight to this theory.
Mondelez International also appears to have been hit in the cyber strike. Yesterday, Heidi Hauer, a spokesperson for the company, said: "I can confirm that our employees are experiencing difficulties in various geographies. We are investigating the issue."
No other agency network has been involved, with Omnicom, Interpublic Group (IPG), Havas and Dentsu Aegis all denying being experiencing any breach in their systems.
The Ukrainian central bank, Russian oil producer Rosneft and Danish shipping company Maersk were also victims of the ransomware.