Multinational pharma giant Merck and its insurers settled for $1.4 billion to cover losses that the company suffered during the infamous NotPetya cyberattack in 2017.
While the settlement details were not disclosed, the deal was struck at the last minute before an oral argument in front of the judge could occur. Bloomberg Law reported that the deal might have allowed insurers to avoid a national precedent over nation-state hacking, which could have impacted the cyber insurance market.
The Germany-headquartered Merck was not covered by cybersecurity insurance but relied on its “all-risks” coverage. Ace American, Merck’s insurance provider at the time, refused to reimburse the company, classifying NotPetya attacks as an act of war.
NotPetya malware, an encrypting malicious code, primarily targeted machines running on Windows OS. The malware encrypted the hard drive and prevented the system from booting. While researchers discovered the first iterations of the Petya malware family in 2016, the NotPetya malware first appeared in a global attack in 2017.
The attacks primarily targeted Ukraine, with 80% of all infected devices found in the country. However, the spillover effect was massive, with reportedly 40,000 Merck-owned devices infected due to the attack. The company claims it suffered $1.4 billion in losses from the disruption.
The malware spread via a Ukrainian tax accounting package widely used by tax accountants in Ukraine and Ukrainian businesses operating abroad. The attack devastated Ukrainian IT systems, shutting down the radiation monitoring system at the Chornobyl Nuclear Power Plant, several major banks, airports, the Ukrainian railway, and other critically essential organizations.
Merck is a science and technology multinational company focusing on the pharmaceutical and chemicals industries. The company, which employs over 60K staff, acheived revenues exceeding $59 billion in 2023
In April 2022, the US State Department announced that it was offering a reward of $10 million for information leading to the capture of individuals behind the 2017 attacks, primarily directed at critical infrastructure.
According to US authorities, GRU officers Yuriy Sergeyevich Andrienko, Sergey Vladimirovich Detistov, Pavel Valeryevich Frolov, Anatoliy Sergeyevich Kovalev, Artem Valeryevich Ochichenko, and Petr Nikolayevich Pliskin deployed malware for the benefit of Russia.
Your email address will not be published. Required fields are markedmarked