"Insurer Must Pay $1.4 Billion Due to Ransomware Damage"

Ace Insurance has been ordered to pay $1.4 billion to the pharmaceutical company Merck, which faced a ransomware attack by the Russian NotPetya. The insurer refused to pay since the incident was considered an "act of war." The US judge argued that Merck's all-risk insurance with Ace covered a potentially politically motivated hack. The case had been ongoing for five years. In June 2017, Merck fell victim to a NotPetya ransomware attack. Merck was infected through the accounting tool MEdoc and had to cope with 10,000 infected devices. It cost the company $850 million and impacted the development of an HPV vaccine. Furthermore, the company is said to have lost $400 million in sales. The Petya ransomware variant exploited an unpatched vulnerability in Microsoft software. Ace Insurance did not want to cover the losses, claiming that the attack was an act of war by Russia. A clause in US law exempts insurers from covering damages caused by acts of war. However, the judge rejected this line of defense. According to the judge, because it was an attack on accounting software, it could not be considered a military target. This article continues to discuss Ace Insurance having to pay $1.4 billion to Merck because of ransomware damage. 

Techzine reports "Insurer Must Pay $1.4 Billion Due to Ransomware Damage"