When managing cyber claims, Chubb’s Claims Specialists are attentive to every detail. Based on our insight into trends and exposures impacting cyber security, we can help you prevent and address cyber exposures when a cyber incident does occur. Chubb’s Cyber Claims team has managed claims across many industries from public entities to retail.
|Emotet Malware||Public Entity||Commercial||Technical Expertise|
|Payment Card Scam||Restaurant/Hospitality||Commercial||Expert Claims Investigation|
|Ryuk Ransomware||Financial Services||Commercial||Top-Tier Response Coach and Forensic Firm|
|Business Interruption||Retail||Commercial||Superior Coverage|
A municipality recently became the victim of a malware attack called Emotet, which is one of the more costly and destructive types of malware impacting governments today. Emotet—a self-replicating banking Trojan malware—seeks to gather user credentials in order to access financial accounts online. The municipality received the Emotet malware via an email attachment. Chubb’s Online Cyber Security Education courses offer isureds the chance to train and test employees on how to identify potential threats such as this. Once Emotet was installed onto the municipality’s computer system, the malware infected more than 1,000 computers. The municipality retained a forensic firm to remove the malware, as well as an incident response coach from the Chubb Cyber panel. Fortunately, no fraudulent transactions or exfiltration of data took place. As a result of the attack, more than $100,000 was spent for legal fees and forensic costs.
A bad actor sent an email to a restaurant, purporting to place an order. The email contained a malicious link that installed malware on the restaurant’s computer system once the link was clicked on. More than 400,000 credit card numbers were compromised in this particular attack. A forensic firm from the Chubb Cyber panel was retained to remediate the matter, and Payment Card Industry (PCI) assessments are estimated to cost more than $1M, which are covered under the restaurant’s cyber policy. This type of attack is different from attacks arising from the use of credit card “skimmers” and other devices, as this attack was perpetrated through a phishing email.
A financial services company was the victim of a highly targeted and planned Ryuk ransomware attack. Ryuk is a virulent form of ransomware that is characterized by large ransom demands. In this particular attack, the ransom demand was for more than $100,000 in Bitcoin, which the company refused to pay. This attack affected the company’s entire network, rendering the company’s data inaccessible. While the company has adequate backups of its system, it is unclear as to whether full restoration is possible. An incident response coach and a forensic firm from Chubb’s Cyber panel were retained, and are still working to determine if protected information was impacted in a manner that would trigger notification obligations under applicable data privacy laws. First-party expenses are still being incurred.
A retail chain in Canada suffered a ransomware attack which infiltrated its servers, computer systems, cash registers, online store, and website. The retail chain retained Chubb-preferred vendors to mitigate the incident, including a cyber incident response coach and a forensic investigator. As a result of the attack, approximately $1M in mitigation expenses and $100,000 in business interruption costs were paid.