A US food distributor that was hit by the NotPetya cyber attack is taking legal action against its insurance company for refusing to pay out on a $100m claim for damages caused by the hack.
Mondelez, which owns popular brands Oreo and Cadbury, was hit by NotPetya twice in 2017, suffering significant damage to its IT infrastructure including hardware.
According to court papers filed in Illinois, seen by the Financial Times, 1,700 of Mondelez servers and 24,000 of its laptops were rendered "permanently dysfunctional".
NotPetya was first discovered in June 2017 and, unlike most ransomware, it wasn't designed to encrypt files for extortion. Indeed, its simple goal was to cause as much damage as possible and spread within an infected network, permanently scrambling filesystems.
Both the US and UK governments have attributed NotPetya to Russian hackers attacking the Ukrainian government - claims that have been denied by the Kremlin.
Mondelez originally made claims for the cost of these damages on its property insurance policy, taken out with Zurich. The policy suggested it was covered for physical loss or damage to electronic data, software and physical damage caused by the malicious code or instruction.
The documents claim that Zurich initially promised to pay a $10 million interim payment but later refused, citing an exclusion in the policy for "a hostile or warlike action" by a nation state or people acting on its behalf.
IT Pro has approached Zurich for comment but had not received a response at the time of publication.
Igor Baikalov, chief scientist at Securonix, believes that there's another reason to not pay out.
"Instead of a war exclusion clause, Zurich should have invoked a gross negligence clause, which is much easier to prove in this case than attribution to a nation-state, particularly considering Mondelez was hit twice by the same ransomware," he said.
"The "fool me once" proverb is fully applicable here: while many companies fall victims to ransomware, one of the first steps to recovery is to make sure it doesn't happen again."
-
How xFusion is changing the way we power AI and HPC with ‘Black Technology’Power, data, and heat efficiency are all major sticking points for AI – but proprietary technology from xFusion is seeking to address all three
-
Is the aging workforce a problem or an opportunity for the channel?Industry Insights An aging workforce is reshaping the industrial landscape, creating operational challenges and growth opportunities. The solution may lie in how technology, people, and partnerships converge...
-
NCA confirms arrest after airport cyber disruptionNews Disruption is easing across Europe following the ransomware incident
-
Cyber professionals are losing sleep over late night attacksNews Hackers are biding their time and launching attacks when businesses can’t respond
-
Prolific ransomware operator added to Europe’s Most Wanted list as US dangles $10 million rewardNews The US Department of Justice is offering a reward of up to $10 million for information leading to the arrest of Volodymyr Viktorovych Tymoshchuk, an alleged ransomware criminal.
-
Jaguar Land Rover “did the right thing” shutting down systems to thwart cyber attackNews The attack on Jaguar Land Rover highlights the growing attractiveness of the automotive sector
-
Ransomware attack on IT supplier disrupts hundreds of Swedish municipalitiesNews The attack on IT systems supplier Miljödata has impacted public sector services across the country
-
A notorious hacker group is ramping up cloud-based ransomware attacksNews The Storm-0501 threat group is refining its tactics, according to Microsoft, shifting away from traditional endpoint-based attacks and toward cloud-based ransomware.
-
Security researchers have just identified what could be the first ‘AI-powered’ ransomware strain – and it uses OpenAI’s gpt-oss-20b modelNews Using OpenAI's gpt-oss:20b model, ‘PromptLock’ generates malicious Lua scripts via the Ollama API.
-
Data I/O shuts down systems in wake of ransomware attack
News Regulatory filings by Data I/O suggest the costs of dealing with the attack could be significant
