Claims expertise that restores control fast
Case study: Smart containment and cost-efficient recovery
Industry: Legal Services (Asia)
Challenge: Ransomware attack with confirmed data exfiltration and multi‑system encryption
The Incident
A law firm in Asia experienced a sophisticated ransomware attack after a threat actor gained access via a compromised VPN.
Once inside the network, the attacker escalated privileges, encrypted virtual machines, and exfiltrated sensitive data, resulting in system lockout and a ransom demand of USD 400k.
The QBE difference
QBE Claims immediately activated incident response and coordinated a full forensic, legal, and containment strategy.
Working closely with specialist partners:
- Deployed enterprise-grade endpoint monitoring to identify and isolate the threat
- Removed threat actors and secured affected systems
- QBE’s panel specialists facilitated and managed the insured’s ransom payment down to USD 100k
- Supported regulatory notification requirements where needed
The Outcome
- Insured restored operations safely after containment and isolation of encrypted systems
- Regulatory response was supported through forensic analysis and documented findings
- Cost-effectively managed through ensuring all activities fell within covered sections
- Coordinated with the client to mitigate reputational and operational impact.
Cover is subject to the applicable policy. These case studies are provided for illustrative purposes only, based on QBE’s claims experience. Some details have been changed for confidentiality. All products and services are provided by QBE Insurance Group Limited or its subsidiaries (“QBE”) or by QBE’s selected third party vendors and may be subject to additional terms and conditions, limitations and disclaimers [available on request]. Information and guidance provided by QBE is not intended to constitute any financial or professional advice tailored to your circumstances and may not have been prepared with detailed knowledge of your systems or the risks to your business, and does not cover all possible situations or actions necessary to respond to a cyber security incident. QBE does not make any guarantees regarding outcomes, such as reduced claim exposure or that a product or service will meet your unique needs. You are responsible for using your independent judgment to assess the advice provided and the suitability of any product and this does not replace the advice of legal counsel or cyber security professionals in preparing for, or responding to, a cyber security incident. QBE is not liable or responsible for services provided by its third party vendors. QBE and the chain links logo are registered trade marks of QBE Insurance Group Limited and third party marks are duly licensed. © 2026 QBE Insurance Group Limited.