Claims service that lightens your load
Case study: Full support during ransomware crisis
Industry: Manufacturing (Europe)
Challenge: Ransomware attack with encrypted servers, deleted backups, and extortion demand
The Incident
A ransomware attack encrypted the insured’s servers and data, and the threat actor deleted all backups before issuing a ransom demand. The insured chose to make the payment to obtain a decryption key, prevent data leakage, and reduce risks to data subjects and reputational damage.
The QBE difference
QBE Claims engaged its vendor partner network to provide:
- Legal and regulatory advice
- Forensic investigation, containment, recovery, and restoration
- Negotiation, intelligence, and sanctions checking services
QBE’s panel specialists facilitated the insured's ransom payment via cryptocurrency and managed the payment, ensuring full compliance with AML regulations, counter-terrorism requirements and sanctions.
The Outcome
- The insured received the decryption key and avoided public data exposure
- QBE reimbursed ~£2M in costs for legal and forensic investigations, the extortion payment, and the business interruption claim
- The insured was supported throughout the crisis with expert guidance
- QBE’s coordinated response helped the insured recover securely, confidently and within regulatory guidelines.
Cover is subject to the applicable policy. These case studies are provided for illustrative purposes only, based on QBE’s claims experience. Some details have been changed for confidentiality. All products and services are provided by QBE Insurance Group Limited or its subsidiaries (“QBE”) or by QBE’s selected third party vendors and may be subject to additional terms and conditions, limitations and disclaimers [available on request]. Information and guidance provided by QBE is not intended to constitute any financial or professional advice tailored to your circumstances and may not have been prepared with detailed knowledge of your systems or the risks to your business, and does not cover all possible situations or actions necessary to respond to a cyber security incident. QBE does not make any guarantees regarding outcomes, such as reduced claim exposure or that a product or service will meet your unique needs. You are responsible for using your independent judgment to assess the advice provided and the suitability of any product and this does not replace the advice of legal counsel or cyber security professionals in preparing for, or responding to, a cyber security incident. QBE is not liable or responsible for services provided by its third party vendors. QBE and the chain links logo are registered trade marks of QBE Insurance Group Limited and third party marks are duly licensed. © 2026 QBE Insurance Group Limited.