No Computer Fraud Coverage for Ransomware Attack

By Alexander Lichtenstein on May 21, 2020

The Indiana Court of Appeals, applying Indiana law, has held that a ransomware attack did not necessarily constitute a “fraudulent” act, and the corresponding loss did not fall within the scope of the computer fraud coverage part of a multi-peril commercial insurance policy.  G&G Oil Co. of Ind. v. Cont’l Western Ins. Co., 2020 WL 1528095 (Ind. Ct. App. Mar. 31, 2020).  The court rejected the argument that the ransomware attack was a fraud because it was an “unconscionable dealing” and instead found that the hacker did not “pervert the truth” or engage in deception in order to induce ransom payment.

In November 2017, the insured discovered that it was a victim of a ransomware attack.  Employees were unable to access servers or workstations.  The hacker demanded payment in the form of Bitcoin in exchange for the passwords and to restore control.  The company made the payment, and the systems were restored.  The company sought coverage for the losses from the attack under the Computer Fraud provision of its policy’s Commercial Crime Coverage.  The insurer denied the claim on the basis that the company’s losses did not result directly from the use of a computer to fraudulently cause a transfer of funds.  In the ensuing coverage litigation, the trial court granted the insurer’s motion for summary judgment, concluding that the losses did not result from Computer Fraud.  The company appealed.

The appellate court affirmed, determining that a ransomware attack did not constitute Computer Fraud under the policy. The policy defined “Computer Fraud” as the “loss of …‘money’… resulting directly from the use of any computer to fraudulently cause a transfer of that property from inside the ‘premises’ or ‘banking premises’: [t]o a person … outside those ‘premises’; or [t]o a place outside those ‘premises’.” The company argued that the policy did not define the terms “fraud” or “fraudulently” and therefore, the court should apply the plain meaning of the word, including “unconscionable dealing.” The insured argued that the ransomware attack was “deceptive and unconscionable” and therefore, constituted a fraud. The insurer contended that the hacker did not commit any act that would be classified as a fraud, but rather demanded ransom in exchange for the passwords to regain access to the system. After analyzing the definition of fraud, the court concluded that the attack was not a loss fraudulently caused by the use of a computer. In the court’s view, the hacker did not obscure the truth in order to induce the insured to purchase the Bitcoin to release the servers and accounts. The court concluded that the attack, while illegal, involved no deception. As such, the court held that the loss from the ransomware attack was not covered under the policy’s computer fraud coverage.

  • Posted in:
    Corporate & Commercial, Insurance
  • Blog:
    Wiley Executive Summary
  • Organization:
    Wiley Rein LLP