June 2017 saw one of the world’s most costly malware outbreaks ever. The NotPetya ransomware, initially spread via a malicious automatic update to a popular Ukrainian accounting software tool, hit companies around the world including advertising giant WPP, household goods manufacturer Reckitt Benckiser, FedEx subsidiary TNT Express, and international shipping logistics company Maersk.
Shipping conglomerate Maersk later estimated that the NotPetya ransomware cost it as much as $300 million in lost revenue. Reckitt Benckiser, the firm behind such brands as Nurofen and Durex, blamed the malware attack for a $100 million loss in revenue.
One of the organisations hit by NotPetya was multinational law firm DLA Piper. The business, with a presence in over 40 countries, reportedly had a “flat network structure globally”, allowing every data centre and Windows-based server on its network to be impacted by NotPetya.
Wiping its systems and starting again must have been costly, even before you start counting the 15,000 hours of extra overtime it reportedly paid its IT staff. So, it’s no surprise to hear that DLA Piper is interested in claiming back some of that expense from its insurers, Hiscox.
As The Times reports today, DLA Piper has started proceedings against Hiscox, saying that the insurance firm has failed to pay out for the damages and costs associated with the NotPetya attack - a claim which may amount to several million pounds.
From the sound of things, Hiscox is refusing to pay up because of the “act of war” exclusion clause commonly found in insurance policies. The UK government, you may recall, has officially stated that the Russian military was “almost certainly” behind the NotPetya attack.