A New Jersey court has ruled in favor of Merck in a lawsuit the pharmaceutical company filed against its insurer, Ace American, which declined to cover the losses caused by the NotPetya ransomware attack. From a report: The NotPetya incident, which took place in June 2017 and impacted thousands of companies all over the world, destroyed data on more than 40,000 Merck computers and took the company months to recover. Merck estimated the damage at $1.4 billion, a loss caused by production outage, costs to hire IT experts, and costs of buying new equipment to replace all affected systems. At the time, the company had a $1.75 billion “all-risk” insurance policy, which included coverage for software-related data loss events. However, Ace American refused to cover the losses, citing that the NotPetya attack was part of Russian hostilities against Ukraine and, as a result, was subject to the standard “Acts of War” exclusion clause that is present in most insurance contracts. Merck sued Ace American in November 2019 and argued in court that the attack was not “an official state action,” hence the Acts of War clause should not apply.
Read more of this story at Slashdot.