NotPetya victim sues its insurance company
Zurich Insurance has cited a "nation-state action" exclusion
A US food distributor that was hit by the NotPetya cyber attack is taking legal action against its insurance company for refusing to pay out on a $100m claim for damages caused by the hack.
Mondelez, which owns popular brands Oreo and Cadbury, was hit by NotPetya twice in 2017, suffering significant damage to its IT infrastructure including hardware.
According to court papers filed in Illinois, seen by the Financial Times, 1,700 of Mondelez servers and 24,000 of its laptops were rendered "permanently dysfunctional".
NotPetya was first discovered in June 2017 and, unlike most ransomware, it wasn't designed to encrypt files for extortion. Indeed, its simple goal was to cause as much damage as possible and spread within an infected network, permanently scrambling filesystems.
Both the US and UK governments have attributed NotPetya to Russian hackers attacking the Ukrainian government - claims that have been denied by the Kremlin.
Mondelez originally made claims for the cost of these damages on its property insurance policy, taken out with Zurich. The policy suggested it was covered for physical loss or damage to electronic data, software and physical damage caused by the malicious code or instruction.
The documents claim that Zurich initially promised to pay a $10 million interim payment but later refused, citing an exclusion in the policy for "a hostile or warlike action" by a nation state or people acting on its behalf.
IT Pro has approached Zurich for comment but had not received a response at the time of publication.
Igor Baikalov, chief scientist at Securonix, believes that there's another reason to not pay out.
"Instead of a war exclusion clause, Zurich should have invoked a gross negligence clause, which is much easier to prove in this case than attribution to a nation-state, particularly considering Mondelez was hit twice by the same ransomware," he said.
"The "fool me once" proverb is fully applicable here: while many companies fall victims to ransomware, one of the first steps to recovery is to make sure it doesn't happen again."
-
Ransomware cartels are fragmenting into volatile splinter groups, warns Met Police cyber chiefNews Commoditized "cyber crime bazaars" and AI data mining are forcing law enforcement to rewrite its playbook
-
New ransomware threat group, The Gentlemen, has become one of the most active ransomware operators, accounting for 10% of all attacksNews NTT researchers warn that the RaaS group is leveraging SystemBC malware to establish covert tunnelling, evade detection, and support rapid lateral movement across enterprise environments
-
Instructure chose to a pay ransom following the Canvas cyber attack – research shows more than half of security leaders would follow suitAnalysis Opting to pay ransoms creates huge risks for enterprises – you’re relying on the word of criminals
-
Ransomware negotiator sentenced for role in major cyber crime groupNews Deniss Zolotarjovs was a key player in a group associated with Conti
-
Threat actors ditch ‘spray and pray’ attacks in shift to targeted exploitationNews A dip in ransomware volumes points to a more targeted approach focused on vulnerability exploitation
-
Security leaders overconfident about ransomware recovery
News Few manage to recover all their data, and many experience business disruption
-
German authorities want your help finding the hackers behind GandCrab and REvilNews Daniil Maksimovich Shchukin and Anatoly Sergeevitsch Kravchuk are believed to have made millions from ransomware as a service schemes
-
The rise of teen hackers ‘makes for a good headline’, but cyber crime activities peak later in life
News With family responsibilities and mortgages to pay, it's not teenagers dishing out malware or carrying out cyber extortion
