How Travelers recovered its ransomware payment from seized assets

Chp July 19, 2024
American currency beneath a lifebelt shot on a blue background.

Travelers can recover a $255,800 ransomware payment it made on behalf of a cybercrime victim, in a case where the government seized several millions of dollars’ worth of assets a cybercriminal received in 2020-21.

Travelers paid for the losses of two of its insureds as a result of a North American-wide cyber-fraud operation that bilked $2.8 million from Canadians.

Travelers’ payments included the insured’s costs to negotiate and pay the ransom, acquire and transfer the demanded Bitcoin, and then rehabilitate their data and computer systems to a usable state once the decryption key was provided. Specifically, under its cyber-fraud insurance policies, Travelers paid out more than $255,000 to Technologies Xpertdoc Inc., and about $1 million to its insured, Robert Thibert Inc.

But recovering the Xpertdoc payment from among the cybercriminal’s seized assets proved to be difficult for the cyber insurer.

 

Restitution refused

In January 2021, the RCMP seized just under 700 Bitcoins and several hundred thousand dollars in cash from the accounts of Sébastien Vachon-Desjardins.

In December, the Sûreté du Québec contacted victims, including Xpertdoc and Thibert, seeking particulars of their claims for losses incurred because of the cyberattacks. On behalf of its insureds, Travelers advised of the amounts lost by Xpertdoc and Thibert, including their deductibles, as well as the amounts paid and anticipated to be paid by Travelers.

Vachon-Desjardins pleaded guilty in January 2022 to five counts related to the ransomware attacks. A judge sentenced him to seven years in prison, and ordered restitution to the victims, and that the Crown seize Vachon-Desjardins’ assets — including approximately 680 Bitcoins, nearly 16 Monero (XMR), and approximately $742,000 in cash.

See also  View Photos of the 2022 Porsche 911 GT3 Manual

“Along with the claims for six other Canadian victims, the Crown put [Traveler’s claim for the $1 million insurance payment it made on behalf of Thibert] before the sentencing judge during the restitution hearing,” as the Ontario Court of Appeal found in a decision released Friday. “Thibert received restitution in the amount of $706,921.

“However, the Crown inexplicably and erroneously failed to put the smaller, similar Xpertdoc claim [for more than $255,000] before the sentencing judge. Nor did the Crown bring the Xpertdoc claim to the sentencing judge’s attention…”

When Travelers wrote to the sentencing judge to claim its Xpertdoc payment back in restitution, the insurer was told it had not applied for restitution (the Crown had not notified the insurer about the forfeited assets), and therefore it hadn’t been considered. What’s more, it was too late to reverse that decision once it had been made.

In other news: These are BrokerLink’s latest acquisitions

 

How Travelers got its money back

Travelers applied for “relief from forfeiture” through an application under s. 462.42 of the Criminal Code, which would allow it to recover its payment from among the seized assets.

But the applications judge denied the motion, saying “Travelers was in the same position as an ordinary creditor, and did not have the requisite interest in the forfeited property,” as the Appeal Court characterized the lower court’s decision.

The applications judge said Travelers would have to make a claim for the ransom payment money in a civil proceeding against Vachon-Desjardins directly.

But Ontario’s Court for Appeal overturned that finding, agreeing Travelers did have an interest in the forfeited property. It ruled Travelers was entitled to receive it back from the seized assets.

See also  Disruptive Tool Theft Leads To Misery For Tradespeople

“This is an appropriate case in which to exercise the court’s discretion to order relief from forfeiture,” the Appeal Court ruled in a unanimous decision issued by a three-judge panel.

“Travelers stepped into the place of a victim of criminal conduct and would have benefited from a generous restitution order if the Crown had properly put its claim before the sentencing judge or if it had the opportunity, by way of notice of the Crown’s application for forfeiture, to bring its claim to the sentencing judge’s attention.

“In the circumstances of this case, it has a legitimate interest in the property forfeited.”

 

Feature image courtesy of iStock.com/CatLane

Related posts:

  1. Are Public Adjusters on the Chopping Block?
  2. Allstate Announces February 2023 Catastrophe Losses and Implemented Auto Rates
  3. 5 ways hurricanes increase your expenses in Florida
  4. NAIC Committee on Race & Insurance Considers Barriers to Preventive ‎Health Services

More Stories

4 key strategies to M&A integration success

4 key strategies to M&A integration success

Chp September 17, 2024
Little boy is being scared of monster.

Why underwriters are afraid of the AI bogeyman

Chp September 17, 2024
A Race To Build Trains Could Mess Up The Construction Timeline For The L.A. To Vegas High-Speed Rail

A Race To Build Trains Could Mess Up The Construction Timeline For The L.A. To Vegas High-Speed Rail

Chp September 17, 2024

You may have missed

Manulife expands financial literacy efforts in the Philippines

Manulife expands financial literacy efforts in the Philippines

Chp September 17, 2024
Howden enters Japanese retail insurance market

Howden enters Japanese retail insurance market

Chp September 17, 2024
4 key strategies to M&A integration success

4 key strategies to M&A integration success

Chp September 17, 2024
Little boy is being scared of monster.

Why underwriters are afraid of the AI bogeyman

Chp September 17, 2024
Southern Cross teams up with Sir Ashley Bloomfield to launch mindfulness initiative

Southern Cross teams up with Sir Ashley Bloomfield to launch mindfulness initiative

Chp September 17, 2024