A British jeweler has sued its insurance company for refusing to cover a bitcoin ransom payment of $7.5 million. The jeweler paid the hackers to prevent sensitive customer data from being published.
A luxury British Jeweler, Graff, has sued its insurer, The Travelers Companies, for refusing to cover a ransom bitcoin payment, Bloomberg reported last week.
The jeweler paid a bitcoin ransom of $7.5 million to the Russian hacking gang Conti after the group threatened to leak data of the company’s big clients, including Middle East royalty. Graff negotiated the ransom payment amount with the hackers and managed to reduce it from $15 million.
Conti attacked Graff in September last year and leaked data about the royal families from Saudi Arabia, the United Arab Emirates (UAE), and Qatar. The hackers apologized to the families but said that they may need to leak more of Graff’s data.
“Our goal is to publish as much of Graff’s information as possible regarding the financial declarations made by the US-UK-EU neo-liberal plutocracy, which engages in obnoxiously expensive purchases when their nations are crumbling under economic duress,” the hacking group reportedly said.
While authorities have discouraged individuals and businesses from making ransom payments, there are circumstances where paying them is beneficial, particularly when the damage inflicted by a cyber attack is greater than the cost of the ransom.
Some insurers offer cyber insurance policies that cover crypto ransom payments. However, experts have warned that insurers are inadvertently funding organized crime by paying out claims from companies who paid ransoms.
Ciaran Martin, the founding CEO of the British National Cyber Security Centre (NCSC), explained last year that “People are paying bitcoin to criminals and claiming back cash.” He stressed: “I see this as so avoidable. At the moment, companies have incentives to pay ransoms to make sure this all goes away. You have to look seriously about changing the law on insurance and banning these payments, or at the very least, having a major consultation with the industry.”
Regarding Graff’s ransom payment, a company spokesperson said: “The criminals threatened targeted publication of our customers’ private purchases. We were determined to take all possible steps to protect their interests and so negotiated a payment which successfully neutralized that threat.”
The jewelry company added:
We are extremely frustrated and disappointed by Travelers’ attempt to avoid settlement of this insured risk. They have left us with no option but to bring these recovery proceedings at the High Court.
Do you think insurance companies should cover bitcoin ransom payments? Let us know in the comments section below.