NotPetya an act of war, a cyber insurance company accused of refusing to pay


Mondelez brought a lawsuit against Zurich Insurance Group in an effort to claim a $ 100 million damages award, while an insurance claim had not been paid in the framework of a NotPetya cyber attack.

The case, filed with the Cook County Court in Illinois (case 2018 L 011008), the allegation that the insurance company of the Spanish food giant Mondelez, Zurich, did not pay following the Attack of 2017.

An epidemic of NotPetya affected companies around the world, including TNT, Ukrainian banks, energy companies, airports and the shipping giant, Maersk.

In the case of Mondelez, the factories were disturbed and stopped production as staff struggled to regain control of their computers. In turn, NotPetya's attack would have affected the company's profit margins.

NotPetya is a type of ransomware software similar to Petya, but it has received many improvements and increased sophistication before being published as it should. separate the malware in his own family.

The ransomware will often use the Eternal blue and EternalRomance exploits to spread. Once run on a vulnerable Windows machine, the malware reboots the system and overwrites the master boot record (MBR) with a custom loader and a ransomware message that requests $ 300 in Bitcoin (BTC).

See also: Your 2018 cyber insurance guide is here

As reported by Bloomberg, the Mondelez-Zurich dispute has received an interesting facet in the field of cyberinsurance because of its attribution, which could prompt insurance companies around the world to re-examine their policies.

The US government said that cyberattacks were the work of the Russian army and were part of the Kremlin's "ongoing efforts to destabilize Ukraine and demonstrate more and more clearly Russia's involvement in the ongoing conflict".

The request was then judged Coordinated diplomatic action between countries such as the United States, Australia, the United Kingdom, Denmark, Lithuania, Estonia and Canada, all of which criticized Russia for the spread of NotPetya.

Russia denied any involvement, but the public link with NotPetya had an interesting effect on this lawsuit.

Mondelez reportedly attempted to claim $ 100 million under its insurance policy because of damage caused by NotPetya to thousands of servers and laptops, not to mention the theft of credentials. , discontinued customer orders and other losses caused by the outbreak of malware.

CNET: The iPhone is compatible with Android security with the new hardware key Yubico

While the insurance policy covered "physical loss or damage to electronic data, software or programs" by "the malicious introduction of a machine code or instruction", Zurich apparently chose to not to pay, citing the NotPetya propagated as "hostile or warlike action in peacetime or war", which therefore nullified the claim.

Marsh & McLennan arguehowever, as NotPetya, reached non-military targets that operated "in places far removed from the places or subject to any war;" the damage caused was purely economic and did not result in loss of life or injury; "The chaos caused by NotPetya was more like a propaganda effort than a military action aimed at" coercion or conquest, "to which the exclusion of war was destined to address."

"As the severity of cyber attacks continues to grow, insurers and insurance buyers will reexamine the question of whether war exclusion should apply to a cyber incident." said Matthew McCabe, senior vice president of Marsh. "In these cases, reaching the threshold of" warrior "activity will require more than a nation-state acting with malicious intent. […] most nation-state hackers still fall into the category of criminal activity. "

TechRepublic: CES 2019: How Winston Can Protect Consumers and Smart Offices Against Identity Thieves

By attributing these attacks to Russia, governments have created a dialogue on cyber warfare that could be used in other prosecutions in the future as part of a defense. Acts of war are difficult to claim, but on the other hand, any imputed attack can end up being considered as part of this story: let the victims assume the consequences of the situation despite the insurance policies in force.

Update 12:03 GMT: Zurich refused to comment on the ongoing trial.

ZDNet has contacted Mondelez and will update it if we have new news.

Previous and related coverage