NotPetya Victim Mondelez Sues Zurich Insurance for $100 Million

Mondelez, US food distributor and owner of major brands Ritz and Nabisco, has filed a lawsuit against Zurich Insurance Group after its claim seeking $100 million for NotPetya damage was denied.

NotPetya struck global companies with a massive ransomware attack back in 2017. Instead of encrypting data and demanding money for its return, as most ransomware attacks do, it aimed to wreak havoc by permanently damaging files. A new Financial Times report states 1,700 Mondelez servers and 24,000 laptops were permanently damaged in the global attack.

Mondelez's insurance policy covered "physical loss or damage to electronic data, programs, or software" with "the malicious introduction of a machine code or instruction," ZDNet points out. Zurich rejected the $100 million claim, saying the NotPetya attack was "hostile or warlike action in time of peace or war." This voided the claim; now Mondelez is suing Zurich in response.

The case prompts a question of how "war exclusion" factors into cyberattacks evolving in size and strength. In February 2018, the UK government officially declared Russia's military was responsible for the NotPetya campaign, which was aimed at destabilizing Ukraine and spread around the world.

Read more details here.