notpetya attacks DLA Piper

Incident Date:

June 15, 2017

World map



notpetya attacks DLA Piper


DLA Piper




London, United Kingdom

, United Kingdom

First Reported

June 15, 2017

DLA Piper Faces Insurance Claim Denial After NotPetya Attack

DLA Piper has become the latest big name to be denied a multimillion-dollar insurance claim following major losses caused by the NotPetya ‘ransomware’ campaign of 2017. The multi-national law firm is said to be launching a legal case against its insurer Hiscox for failing to pay out. However, a spokesperson from the insurer confirmed to Infosecurity that the case, currently in arbitration, is not related to a specific cybersecurity policy and does not involve an "act of war" exclusion, as has been reported.

Zurich Refuses Mondelez Claim with "Act of War" Exclusion

The latter is the reason that insurance giant Zurich is said to be refusing to pay out a multimillion dollar claim from confectionary giant Mondelez. The Cadbury owner is said to be suing the insurer for over $100m to cover permanent damage to 1700 of its servers and 24,000 laptops as well as unfulfilled orders and other operational disruption.

Russian Involvement and the Challenge of Proof

Russia was directly blamed for the June 2017 attacks, which started in Ukraine but quickly spread around the world via the VPNs of multi-nationals with offices in the country. However, the Five Eyes governments that issued these statements, led by the UK, failed to provide hard evidence to back up their claims, which won’t make it easy for the insurers to make their case in court.

Impact on DLA Piper

DLA Piper was hit hard by the destructive ransomware strain, after becoming infected via a supplier. The company’s flat networks structure is said to have allowed the malware to spread fast across the globe. The legal giant was forced to pay 15,000 hours of overtime to IT workers to help recover from the incident, which forced it to start afresh with its entire Windows environment, according to reports.

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.