Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Merck settles with insurers regarding a $1.4 billion claim over NotPetya damages

Merck has resolved a dispute with insurers regarding a $1.4 billion claim arising from the NotPetya malware incident. Merck and its insurers have agreed with a $1.4 billion claim arising from the large-scale NotPetya cyberattack. Merck & Co., Inc., known as Merck Sharp & Dohme (MSD) outside the United States and Canada, is an American […]

Merck notpetya man arrested

Merck has resolved a dispute with insurers regarding a $1.4 billion claim arising from the NotPetya malware incident.

Merck and its insurers have agreed with a $1.4 billion claim arising from the large-scale NotPetya cyberattack.

Merck & Co., Inc., known as Merck Sharp & Dohme (MSD) outside the United States and Canada, is an American multinational pharmaceutical company. It is one of the largest pharmaceutical companies globally, engaged in the research, development, manufacturing, and marketing of a wide range of healthcare products.

Merck filed a $1.4 billion insurance claim for the losses caused by the NotPetya attack that took place in 2017. In August 2017, the pharmaceutical company revealed that the massive NotPetya cyberattack disrupted its worldwide operations.

The news was part of Merck’s financial results announcement for the second quarter of 2017, according to the pharmaceutical giant the ransomware destructed operations in several critical sectors, including manufacturing, research, and sales.

The analysis conducted on the ransomware revealed it was designed to look like ransomware but was wiper malware designed for sabotage purposes.

Attackers might have used a diversionary strategy to hide a state-sponsored attack carried out by Russia on Ukraine critical infrastructure.

Experts from Kaspersky’s conducted a similar research that led to a similar conclusion.

Unlike other ransomware, Petya does not encrypt files on the infected systems but targets the hard drive’s master file table (MFT) and renders the master boot record (MBR) inoperable.

Merck had not taken out specific insurance to cover cyber attacks, it only had insurance coverage against general risks.

The NotPetya attack was considered by many cyber security experts as an act of silverware against Ukraine, however, it caused billions of dollars of losses to organizations worldwide.

These organizations were not the real targets of the attack, and insurers claimed that the damage was caused by an act of war explicitly excluded by the insurance.

In January 2022, Judge Thomas J. Walsh of the New Jersey Superior Court ruled in favor of the pharmaceutical firm. The judge ruled that it was not correct to apply the clause that excluded the damage caused by an act of war. The insurers appealed, but in May, the Superior Court of New Jersey Appellate Division ruled in favor of Merck in its $1.4 billion claim against the insurers.

The Judge did not recognize the attribution of the attack to a nation-state actor, but the insurers appealed again without success.

Follow me on Twitter: @securityaffairs and Faceboo and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, NotPetya)