HC grants protection to Generali Central Life Insurance after ransomware attack

MUMBAI: The Bombay High Court has granted urgent ad-interim relief to Generali Central Life Insurance Company Limited, after it suffered a cyber-attack, which compromised its confidential data. The company has been targeted by the Medusa ransomware group, a highly active malware that pressures firms into paying ransom by threatening to publicly release sensitive data and ruin their reputations. Generali’s data includes information about its business as well as personal information of its customers.

The court on Thursday directed the central government to immediately restrain the possible dissemination of its confidential data, compromised during the ransomware incident. The single-judge bench of Justice Arif Doctor was hearing a suit filed by Generali seeking urgent ad-interim relief, following the cyber attack.

The company pointed out that its data had been compromised by a group of hackers, who identified itself as “Medusa”, which has posted threats on social media platform “X”. These threats consist of a time-bound demand on the company to pay USD500,000. Failure to pay will result in leaking the data to anyone who is willing to pay for it.

The group has allegedly given Generali three ransom options, specifying that USD10,000 will be charged if the company wants to seek an extension of a day; another USD500,000 if they seek to delete all the data; and USD500,000, if they seek to download all data. Counsel for the company submitted that there is an apprehension that if these demands are not met, their data may be disseminated publicly or sold to third parties.

Since the identity of the hacker is unknown, Generali impleaded the alleged attacker as “John Doe”. In view of the alarming increase in online scams, cyber attacks, and ransomware incidents, the company pointed out that the court has, on earlier occasions, granted similar relief, wherein it has restrained an unknown entity (John Doe) from using, copying, publishing, distributing, transmitting, communicating, or disclosing to any person any confidential or proprietary information belonging to another company that was not in the public domain.

Therefore, it sought directions from the court to the central government to issue necessary instructions to internet service providers, intermediaries, and other relevant authorities to remove, delete, block and disable the accounts, domain names, phone numbers, and email addresses associated with such unlawful content.

Observing that a strong prima facie case has been made out for the grant of ad-interim relief, the court directed the hackers and their agents against using, copying, publishing, distributing, transmitting, communicating or disclosing the confidential data it has stolen from Generali.

“The gravity of the consequences that may follow if the applicant’s confidential data is made public or traded is overwhelming. The balance of convenience is clearly in favour of the applicant for the grant of ad interim reliefs as prayed for,” the court said, after directing the Union department of telecommunications and related authorities to remove, delete, block and disable accounts linked to the stolen data within 24 hours of intimation by Generali and file an affidavit of compliance before the court.