NotPetya victim sues its insurance company

Zurich Insurance has cited a "nation-state action" exclusion

Broken Oreo biscuits (Mondelez owns Oreo)

A US food distributor that was hit by the NotPetya cyber attack is taking legal action against its insurance company for refusing to pay out on a $100m claim for damages caused by the hack.

Mondelez, which owns popular brands Oreo and Cadbury, was hit by NotPetya twice in 2017, suffering significant damage to its IT infrastructure including hardware. 

According to court papers filed in Illinois, seen by the Financial Times, 1,700 of Mondelez servers and 24,000 of its laptops were rendered "permanently dysfunctional".

NotPetya was first discovered in June 2017 and, unlike most ransomware, it wasn't designed to encrypt files for extortion. Indeed, its simple goal was to cause as much damage as possible and spread within an infected network, permanently scrambling filesystems.

Both the US and UK governments have attributed NotPetya to Russian hackers attacking the Ukrainian government - claims that have been denied by the Kremlin. 

Mondelez originally made claims for the cost of these damages on its property insurance policy, taken out with Zurich. The policy suggested it was covered for physical loss or damage to electronic data, software and physical damage caused by the malicious code or instruction.

The documents claim that Zurich initially promised to pay a $10 million interim payment but later refused, citing an exclusion in the policy for "a hostile or warlike action" by a nation state or people acting on its behalf.

IT Pro has approached Zurich for comment but had not received a response at the time of publication.

Igor Baikalov, chief scientist at Securonix, believes that there's another reason to not pay out. 

"Instead of a war exclusion clause, Zurich should have invoked a gross negligence clause, which is much easier to prove in this case than attribution to a nation-state, particularly considering Mondelez was hit twice by the same ransomware," he said.

"The "fool me once" proverb is fully applicable here: while many companies fall victims to ransomware, one of the first steps to recovery is to make sure it doesn't happen again."

Featured Resources

Key considerations for implementing secure telework at scale

Identifying the security risks and advanced requirements of a remote workforce

Download now

The State of Salesforce 2020

Your guide to getting the most from Salesforce

Download now

Fast, flexible and compliant e-signatures for global businesses

Be at the forefront of digital transformation with electronic signatures

Download now

Rethink your cybersecurity strategy for the new world

5 steps to secure the enterprise and be fit for a flexible future

Download now

Recommended

How can you protect your business from crypto-ransomware?
Security

How can you protect your business from crypto-ransomware?

4 Nov 2019
Andrew Daniels joins Druva as CIO and CISO
Cloud

Andrew Daniels joins Druva as CIO and CISO

22 Jul 2020
University of California gets fleeced by hackers for $1.14 million
ransomware

University of California gets fleeced by hackers for $1.14 million

30 Jun 2020
Australia announces $1.35 billion investment in cyber security
cyber security

Australia announces $1.35 billion investment in cyber security

30 Jun 2020

Most Popular

How to find RAM speed, size and type
Laptops

How to find RAM speed, size and type

3 Aug 2020
How to use Chromecast without Wi-Fi
Mobile

How to use Chromecast without Wi-Fi

4 Aug 2020
How do I fix the Windows 10 Start Menu if it's frozen?
operating systems

How do I fix the Windows 10 Start Menu if it's frozen?

3 Aug 2020