Jenner & Block

Client Alert: Recent Global Ransomware Attacks Raise Complex Issues for Cyber and Kidnap/Ransom Insurance Policyholders

A highly dangerous type of ransomware, or malware, infected thousands of systems in more than 100 countries on Friday May 12, 2017. The attacks do not seem to be over as of Monday, May 15, as many new attacks – possibly from different forms of ransomware – have been reported in Japan, Taiwan and South Korea. The initial ransomware attack was caused by something known as “WannaCry” or “WanaCyrpt0r 2.0” and is reported to exploit a security flaw in Microsoft software found by the National Security Agency for its surveillance toolkit. Although Microsoft, once warned by the NSA of the flaw, took steps to warn users of the problem last week, many systems remained open to attack, either because system administrators failed to apply the recommended patch or because they used outdated software. Washington Post, “Nations Race to Contain Hacks,” May 14, 2017, at A1. Ransomware locks down a user’s access to computer systems, data and other information, and threatens to continue this lock down, until it is removed or neutralized through the use of a decryption key. The hacker then demands the payment of a ransom, in bitcoin – which is typically untraceable – in exchange for the provision of the decryption key or other means of removing the malware. Here, the initial ransom demanded was only $300 or slightly more. Because these events trigger so many complex insurance coverage considerations, as described herein, a policyholder who has been the victim of a ransomware attack may wish to consider contacting experienced insurance coverage counsel as soon as the attack has been recognized.