Ransomware Attacks Highlight Need for Cyberinsurance Coverage
A ransomware attack, like the Petya and WannaCry attacks, disables the user's computer system and all its data. A note in a text file then appears stating that in order to unlock the computer and access its data, a ransom must be paid, typically in the form of Bitcoin. The hackers threaten to delete all data on the computer system if payment is not sent, write Walter J. Andrews and Katherine E. Miller.
August 02, 2017 at 11:00 AM
4 minute read
Recently, a ransomware attack, known as the “Petya” cyberattack, spread from Ukraine to more than 60 countries, and shut down major shipping companies, a pharmaceutical company, an airline booking company, hospitals in Pennsylvania, a major international law firm and even a Cadbury chocolate factory in Australia. This comes only a month after the “WannaCry” malware attack, one of the worst and most widespread cyberattacks, which affected over 200,000 victims in at least 150 countries, including Britain's National Health Service, FedEx and automakers Renault and Nissan. A ransomware attack, like the Petya and WannaCry attacks, disables the user's computer system and all its data. A note in a text file then appears stating that in order to unlock the computer and access its data, a ransom must be paid, typically in the form of Bitcoin. The hackers threaten to delete all data on the computer system if payment is not sent.
These attacks, which are expected to be on the rise, are a reminder of the importance of cyberinsurance coverage. It is estimated by risk-modeling firm Cyence that the recent Petya and WannaCry attacks will result in $8 billion in economic losses. Businesses affected by these types of attacks can incur significant loss, including for the ransom amount, resulting business interruption, the cost of any lost data, damage to customers and other third parties, and associated public relation expenses. Most commercial general liability policies and property policies exclude coverage for cyber-related losses. Thus, it is important for businesses to ensure they have comprehensive coverage for cyber-related attacks.
To be covered for ransomware attacks, cyberinsurance policies should explicitly include coverage for cyberextortion, including for the payment of ransom to unencrypt data and restore network access after an attack has already occurred—not just to prevent a potential future attack. Most policies only cover “threats” to commit an attack, and do not explicitly cover ransom to unencrypt data after unauthorized access has already occurred. Additionally, it is important to ensure that this coverage includes expert and consultant costs for responding to the threat. In some instances, paying the ransom amount may not be enough and a “kill switch” for the malware software may be necessary to stop the attack. After the attack, investigation costs may be necessary to determine why the business' network was vulnerable in the first place and to determine the source of the attack. It is also essential that coverage for cyberextortion provide for the payment of ransom in the form of Bitcoin or other digital currency.
This content has been archived. It is available through our partners, LexisNexis® and Bloomberg Law.
To view this content, please continue to their sites.
Not a Lexis Subscriber?
Subscribe Now
Not a Bloomberg Law Subscriber?
Subscribe Now
NOT FOR REPRINT
© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
You Might Like
View All
Second Circuit Ruling Expands VPPA Scope: What Organizations Need to Know
6 minute read
Scammers Target Lawyers Across Country With Fake Court Notices
Confusion Over New SEC Cyber Rules Leading Firms to Overstate Attack Readiness
Trending Stories
- 1Gibson Dunn Sued By Crypto Client After Lateral Hire Causes Conflict of Interest
- 2Trump's Solicitor General Expected to 'Flip' Prelogar's Positions at Supreme Court
- 3Pharmacy Lawyers See Promise in NY Regulator's Curbs on PBM Industry
- 4Outgoing USPTO Director Kathi Vidal: ‘We All Want the Country to Be in a Better Place’
- 5Supreme Court Will Review Constitutionality Of FCC's Universal Service Fund
Who Got The Work
Michael G. Bongiorno, Andrew Scott Dulberg and Elizabeth E. Driscoll from Wilmer Cutler Pickering Hale and Dorr have stepped in to represent Symbotic Inc., an A.I.-enabled technology platform that focuses on increasing supply chain efficiency, and other defendants in a pending shareholder derivative lawsuit. The case, filed Oct. 2 in Massachusetts District Court by the Brown Law Firm on behalf of Stephen Austen, accuses certain officers and directors of misleading investors in regard to Symbotic's potential for margin growth by failing to disclose that the company was not equipped to timely deploy its systems or manage expenses through project delays. The case, assigned to U.S. District Judge Nathaniel M. Gorton, is 1:24-cv-12522, Austen v. Cohen et al.
Who Got The Work
Edmund Polubinski and Marie Killmond of Davis Polk & Wardwell have entered appearances for data platform software development company MongoDB and other defendants in a pending shareholder derivative lawsuit. The action, filed Oct. 7 in New York Southern District Court by the Brown Law Firm, accuses the company's directors and/or officers of falsely expressing confidence in the company’s restructuring of its sales incentive plan and downplaying the severity of decreases in its upfront commitments. The case is 1:24-cv-07594, Roy v. Ittycheria et al.
Who Got The Work
Amy O. Bruchs and Kurt F. Ellison of Michael Best & Friedrich have entered appearances for Epic Systems Corp. in a pending employment discrimination lawsuit. The suit was filed Sept. 7 in Wisconsin Western District Court by Levine Eisberner LLC and Siri & Glimstad on behalf of a project manager who claims that he was wrongfully terminated after applying for a religious exemption to the defendant's COVID-19 vaccine mandate. The case, assigned to U.S. Magistrate Judge Anita Marie Boor, is 3:24-cv-00630, Secker, Nathan v. Epic Systems Corporation.
Who Got The Work
David X. Sullivan, Thomas J. Finn and Gregory A. Hall from McCarter & English have entered appearances for Sunrun Installation Services in a pending civil rights lawsuit. The complaint was filed Sept. 4 in Connecticut District Court by attorney Robert M. Berke on behalf of former employee George Edward Steins, who was arrested and charged with employing an unregistered home improvement salesperson. The complaint alleges that had Sunrun informed the Connecticut Department of Consumer Protection that the plaintiff's employment had ended in 2017 and that he no longer held Sunrun's home improvement contractor license, he would not have been hit with charges, which were dismissed in May 2024. The case, assigned to U.S. District Judge Jeffrey A. Meyer, is 3:24-cv-01423, Steins v. Sunrun, Inc. et al.
Who Got The Work
Greenberg Traurig shareholder Joshua L. Raskin has entered an appearance for boohoo.com UK Ltd. in a pending patent infringement lawsuit. The suit, filed Sept. 3 in Texas Eastern District Court by Rozier Hardt McDonough on behalf of Alto Dynamics, asserts five patents related to an online shopping platform. The case, assigned to U.S. District Judge Rodney Gilstrap, is 2:24-cv-00719, Alto Dynamics, LLC v. boohoo.com UK Limited.
Featured Firms
Law Offices of Gary Martin Hays & Associates, P.C.
(470) 294-1674
Law Offices of Mark E. Salomone
(857) 444-6468
Smith & Hassler
(713) 739-1250
