The headline writer for Forbes.com didn’t mince words . . . 

“2016 Saw an Insane Rise in the Number of Ransomware Attacks”

The article, posted on Feb. 7, 2017, quoted an annual report published by SonicWall, which noted in their Global Response Intelligence Grid that there were 3.2 million and 3.8 million ransomware attacks in 2014 and 2015, respectively. But that number spiked to a screaming 638 million in 2016, according to SonicWall.

Attacks on professional services firms, such as law firms, are a favorite among hackers and attackers. Networks and documents held for virtual ransom lead to business losses. Those losses lead to insurance claims. And, as happened last month, those claims may lead to insurance coverage disputes.

The Moses Afonso Ryan Ltd. law firm (MAR) sued Sentinel Insurance Company, Ltd., in Rhode Island Superior Court for coverage of business losses incurred when it fell victim to a ransomware attack in 2015. The perpetrators took over and encrypted all of the firm’s documents. They demanded payments in order to get the encryption key and regain access to their materials. The firm met the demands for payment, only to get more demands for money. The firm says it was ultimately extorted for $25,000 and, during the course of the three months it took to get its documents pulled back together, it allegedly lost $700,000 in business compared to the same period in the prior year.

“Despite the fact that MAR paid its premium, gave prompt notice of the ransomware attack and interruption of its business to Sentinel, and cooperated fully and completely with Sentinel’s inquiry into the ransomware attack and interruption of its business, Sentinel has failed and refused to pay MAR’s claim for coverage under the policy.”

Saying the carrier breached the terms of the policy and acted in bad faith, the firm seeks a declaration of coverage, plus consequential and punitive damages.

Click here to download the complaint.


Learn more!

Discussion of this subject will arise in at least three sessions at the upcoming NetDiligence Cyber Risk & Privacy Liability Forum. Check out the agenda and take a look at the following sessions:

  • Cyber Claims & Loss Updates
  • Managing a Ransomware Attack and Extortion
  • Professional Services Breach: Law Firms