Legal Insights

< back to search results

WannaCry? You may not want to cry but you will want to check your policy terms


The WannaCry ransomware attack of Friday 12 May is now petering out, although its effects linger on in some places and fears of follow up attacks remain. As well as testing the IT systems and preparedness of its victims, events such as this also test the wordings of the cyber policies and other traditional covers on which many insureds rely.

Based on what we know about the WannaCry attack so far, it seems to have been malware downloaded onto the victim's system (perhaps via an email link) and once there exploiting a Windows security vulnerability. Once downloaded and activated, WannaCry seems to have been able to spread to other machines with the same vulnerability. Reports suggest hundreds of thousands of computers were affected across the globe with hotspots in the UK, Russia, Spain and the US.