MSP Customers Hit by Ransomware Attack 2019-02-08
Well, we knew this was possible. DarkReading reports that between 1,500 and 2,000 endpoint systems and servers were hit by a Gandcrab ransomware attack this week. The managed service provider is reported to be U.S. based. The attack vector was a vulnerable MSP plug-in used for remote monitoring and management. The ransom amount demanded? USD $2.6 million. The article's quote from Huntress Labs Chief Architect Chris Bennet sums it up, and stands as clarion call to both MSPs, their customers: "From the MSP's standpoint, the tool they use to manage everything was
just used against them" to inflict damage on customers...Everyone is looking at the
attack and saying, 'This could have been me.'" It will be interesting to see how the MSP customer's insurance (cyber and otherwise) deal with claims. Hint: Was a nation-state responsible?
Link to article: https://ubm.io/2BuKxS9
Friday, February 08, 2019
Thursday, January 31, 2019
When Intent May, or May Not Be an Issue for the Trier of Fact
In a January 25, 2019 decision from the U.S. District Court for the Southern District of Florida, Magistrate Judge Goodman agrees that the 2015 amendments limited the application of inherent authority with respect to ESI. Unfortunately for the defendant in this case, the Court’s interpretation of the amendment’s inclusion of "intent to deprive,” (and its reference to the Advisory Committee notes), while indisputably adding another hurdle to a finding of spoliation, opens (and shines a bright light on) the door to present the issues of intent to the jury.
While the Rule 37(e)(2)’s intent based approach has apparently not resulted in a slew of jury referrals for finding of intent, it appears that with sufficient evidence to show that a jury could reasonably find that a party had intent to spoliation (for purposes of Rule 37(e)(2), arguably negating, rather than implementing the apparent intent of the 2015 amendments to curtail sanctions determinations.
So, does the amended rule really “fix” what was perceived as untrammeled use of inherent authority in determining ESI spoliation sanctions, or does it leave more drastic sanctions determination squarely in the laps of a jury.
Which brings up the issue of whether a party could appeal reservation of a finding of intent to the Court (rather than a jury). Treacherous waters here, as an appellate decision ruling could find that (1) any issue of "intent" is always factual and one for jury determination, or that, in an jury trial (2) or create an interesting carve-out by ruling that some intent is not as equal (e.g. meriting a jury) as other intent (apologies to Orwell).
Option 1 offers a wider door for seeking sanctions (risk of jury determination), while Option 2 appears to curtail a party’s right to a jury trial on all facts so triable.
Sosa v. Carnival Corporation, 2019BL25237 (SD FL January 25, 2019).
We traded inherent authority for this.
Friday, January 11, 2019
Cyberinsurance claim for ransomware attack rejected as "act of war"
Welcome to 2019
Top of the story: Zurich American Insurance sued for 100 million dollars for rejecting claim for NotPetya ransomware losses suffered by U.S. snack maker Mondelezas "act of war" .
In 2017, U.S. snack manufacturer Mondelez became victim to a NotPetya ransomware attack and reported to have disabled 1,700 servers and 24,000 laptops. Perhaps disabled is a bit too gentle a term. NonPetya encrypts the file system table and prevents the system from booting, essentially bricking the device. Mondelez filed a claim for 100 million dollars with Zurich American Insurance Company in connection with the cleanup. Long story short: Zurich offered 10 million, then rejected the claim on the basis that, as some security experts [and the U.K.] believe) the Russian government is responsible for NotPetya development and propagation. Although Mondelez's cyber-insurance provisions were relatively robust, the policy also excludes coverage for losses arising from "hostile or warlike action in time of peace or war" by a "government or sovereign power." Mondelez filed suit in Cook County Circuit Court. 2018-L-011008.
Shout out to the Reg.co: Register Article
Top of the story: Zurich American Insurance sued for 100 million dollars for rejecting claim for NotPetya ransomware losses suffered by U.S. snack maker Mondelezas "act of war" .
In 2017, U.S. snack manufacturer Mondelez became victim to a NotPetya ransomware attack and reported to have disabled 1,700 servers and 24,000 laptops. Perhaps disabled is a bit too gentle a term. NonPetya encrypts the file system table and prevents the system from booting, essentially bricking the device. Mondelez filed a claim for 100 million dollars with Zurich American Insurance Company in connection with the cleanup. Long story short: Zurich offered 10 million, then rejected the claim on the basis that, as some security experts [and the U.K.] believe) the Russian government is responsible for NotPetya development and propagation. Although Mondelez's cyber-insurance provisions were relatively robust, the policy also excludes coverage for losses arising from "hostile or warlike action in time of peace or war" by a "government or sovereign power." Mondelez filed suit in Cook County Circuit Court. 2018-L-011008.
Subscribe to:
Posts (Atom)