Multinational food and beverage company, Mondelez, has launched a legal case against its insurance provider, Zurich, after it rejected a $100 million (£78.5 million) claim for damage caused by a ransomware attack.
The firm, which owns the Cadbury, Toblerone and Ritz brands, was hit twice by NotPetya ransomware in 2017. Mondelez claimed that the attack had left 1,700 of its servers and 24,000 laptops “permanently dysfunctional”.
It said its property insurance policy with Zurich covered “physical loss or damage to electronic data, programs, or software, including physical loss or damage caused by the malicious introduction of a machine code or instruction”.
In court papers, the multinational said that Zurich initially worked to adjust the claim and, at one stage, promised to make a $10 million (£7.85 million) interim payment.
Ultimitely, Zurich refused to make any payout, stating that the policy did not cover “a hostile or warlike action” by a Government or sovereign power, or people acting for them.
Sarah Stephens, a cyber specialist at insurance broker JLT, told the Financial Times: “It’s a pretty bold move to rely on a war exclusion for a state-sponsored hack. Nobody has raised this exclusion before. The insurer would have to prove it and it’s so hard to prove attribution.”
Robert Stines, a cyber law specialist at the US law firm Freeborn, described the legal case as “a pretty big deal”.
He said: “I’ve never seen an insurance company take this position. It’s going to send ripples through the insurance industry. Major companies are going to rethink what’s in their policies.”
What is NotPetya Ransomware?
NotPetya is a variant of Petya ransomwware, which was first discovered in 2016.
Petya targets Microsoft Windows-based systems, infecting the master boot record to execute a payload that encrypts a hard drive’s file system table and prevents Windows from booting. It then demands that the user make a payment in Bitcoin in order to regain access to the system.
NotPetya was first spotted in June 2017 and was used for a global cyberattack, primarily targeting Ukraine. Unlike the original, NotPetya propagates via the EternalBlue exploit, which is thought to have been developed by the NSA.