NotPetya

Subscribe to NotPetya

On June 27, 2017, the skies over New Jersey were clear and the ground steady. But Merck & Co., a New Jersey-based pharmaceutical company, was under attack. Malware ripped through its computers, damaging 40,000 of them and causing over $1.4 billion in losses.
Merck was not the sole target. Dubbed “NotPetya,” the virus tore through the US economy, and did an estimated $10 billion in damage. (This post describes losses experienced by other companies.) The US Department of Justice charged six Russian nationals, alleged officers of Russia’s Intelligence Directorate (the GRU), for their roles in the NotPetya attack, among others.
Continue Reading Boots on the Ground or Hands on a Keyboard: Merck and Insurers Battle Out the War Exclusion

The City of Baltimore is the latest victim of increasingly common ransomware attacks. On May 7, 2019, unidentified hackers infiltrated Baltimore’s computer system using a cyber-tool named EternalBlue, developed originally by the United States National Security Agency to identify vulnerabilities in computer systems. However, the NSA lost control of EternalBlue, and since 2017, cybercriminals have used it to infiltrate computer systems and demand payment in exchange for relinquishing control. For instance, in Baltimore, the hackers have frozen the City’s e-mail system and disrupted real estate transactions and utility billing systems, among many other things. The hackers reportedly demanded roughly $100,000 in Bitcoin to restore Baltimore’s system. The city has refused to pay.

Continue Reading Will Insurers Declare “War”? The War Exclusion, the Ransomware Attack on Baltimore, and the NSA Cyber-Tool?

In an article appearing in CyberInsecurity News, Hunton insurance recovery partner, Michael Levine, comments on Zurich American Insurance Company’s attempt to invoke a so-called “war exclusion” as a basis for not paying business income losses suffered by snack food giant Mondelez International.  As Levine expains, so-called “war exclusions” have rarely been invoked and

Notwithstanding the absence of a congressional war declaration since Japan bombed Pearl Harbor, Zurich American Insurance Company has invoked a “war exclusion” in an attempt to avoid covering Illinois snack food and beverage company Mondelez International Inc.’s expenses stemming from its exposure to the NotPetya virus in 2017. The litigation, Mondelez Intl. Inc. v. Zurich Am. Ins. Co., No. 2018-L-11008, 2018 WL 4941760 (Ill. Cir. Ct., Cook Cty., complaint filed Oct. 10, 2018), remains pending in an Illinois state court.
Continue Reading Zurich Invokes War Exclusion in Battle Over Coverage for NotPetya Attack