When Mer­ck was hit with a ran­somware at­tack in 2017, the phar­ma gi­ant was in fact just col­lat­er­al dam­age from a virus Rus­sia aimed at Ukraine, and the com­pa­ny is strug­gling to re­coup its loss­es be­cause its $1.75 bil­lion in­sur­ance plan doesn’t cov­er acts of war.

Those are de­tails from a rich­ly re­port­ed Bloomberg News sto­ry out yes­ter­day ex­plor­ing how a geopo­lit­i­cal fight in East­ern Eu­rope ac­ci­den­tal­ly en­tan­gled a New Jer­sey-based phar­ma­ceu­ti­cal com­pa­ny and sparked law­suits with ma­jor ram­i­fi­ca­tions for the fu­ture of in­sur­ance and cy­ber­crime.

Mer­ck em­ploy­ees log­ging on to their com­put­ers on June 27, 2017 were greet­ed with a po­lite mes­sage in pink let­ters: “Ooops, your im­por­tant files are en­crypt­ed. … We guar­an­tee that you can re­cov­er all your files safe­ly and eas­i­ly. All you need to do is sub­mit the pay­ment.” The pay­ment was $300 in bit­coin, per com­put­er.

The screen Mer­ck em­ploy­ees saw from the Petya at­tack

Ear­ly on, it was clear that Mer­ck was one vic­tim of a glob­al at­tack that al­so hit Dan­ish ship­ping com­pa­ny Maer­sk, Amer­i­can food com­pa­ny Mon­delez, French con­struc­tion gi­ant Saint-Gob­ain and even the sys­tems mon­i­tor­ing the Cher­nobyl nu­clear pow­er sta­tions, among oth­ers.

Un­like Cher­nobyl, though, it ap­pears that Mer­ck was not an in­tend­ed tar­get. The at­tack was dubbed Not­Petya, a cre­ation of the GRU Russ­ian mil­i­tary in­tel­li­gence agency (the same one that at­tacked the De­mo­c­ra­t­ic Na­tion­al Com­mit­tee), and it was de­signed to strike com­pa­nies and agen­cies in Ukraine, a coun­try that had been in con­flict with Rus­sia since 2014. But, per Bloomberg, Not­Petya con­t­a­m­i­nat­ed a tax soft­ware ap­pli­ca­tion, M.E.Doc, that was run­ning on a serv­er in Mer­ck’s Ukraine of­fice.

From there, it spread to the phar­ma gi­ant’s head­quar­ters, where it would elim­i­nate — in some cas­es — years of re­search, crip­ple Gardis­al 9 pro­duc­tion fa­cil­i­ties and even­tu­al­ly cause (by Mer­ck’s es­ti­mate) $1.3 bil­lion in dam­ages. Mer­ck, though, had a prop­er­ty in­sur­ance plan worth up to $1.75 bil­lion that cov­ered com­put­er da­ta, cod­ing and soft­ware (af­ter a $150 mil­lion de­ductible). But when Mer­ck went to ac­ti­vate the plan, most of their 30 in­sur­ers re­ject­ed them. Your plan doesn’t cov­er dam­ages from mil­i­tary ac­tion, they told “shocked” Mer­ck of­fi­cials.

What fol­lowed were, not sur­pris­ing­ly, a string of law­suits, with Mer­ck claim­ing that it was hit by a cy­ber — not a mil­i­tary — event. These law­suits, Bloomberg re­ports, are be­ing watched for the prece­dents they may set around how fu­ture cy­ber­crime is clas­si­fied.

The in­sur­ers are try­ing to prove two things: that the at­tack re­al­ly did come from Rus­sia and that Mer­ck was not as vig­i­lant as it could have been in pro­tect­ing their da­ta. Mer­ck, as End­points News re­port­ed short­ly af­ter the at­tack, had missed two op­por­tu­ni­ties to in­oc­u­late them­selves against the virus be­fore they were struck.

On Rus­sia, the in­sur­ers have got­ten a hand from the White House. Last year, the Trump Ad­min­is­tra­tion wrote with­out equiv­o­ca­tion that the at­tack “was part of the Krem­lin’s on­go­ing ef­fort to desta­bi­lize Ukraine and demon­strates ever more clear­ly Rus­sia’s in­volve­ment in the on­go­ing con­flict.”

“When the pres­i­dent of the Unit­ed States comes out and says, ‘It’s Rus­sia,’ it’s go­ing to be hard to fight,” Jake Williams, a for­mer Na­tion­al Se­cu­ri­ty Agency hack­er who now helps com­pa­nies hunt for vul­ner­a­bil­i­ties in their com­put­er net­works, told Bloomberg. “I’ll be sur­prised if the in­sur­ance com­pa­nies don’t get a win. This is as sol­id a case as they’re go­ing to get.”

But some le­gal ex­perts ex­pressed greater skep­ti­cism of the in­sur­ers’ case. All signs may point to Russ­ian cul­pa­bil­i­ty but when it comes to cy­ber, it’s not clear what mil­i­tary ac­tion means.

“It’s not go­ing to be an easy case for a judge in the U.S. to de­clare that this was an act of war,” Cather­ine Lotri­onte, a for­mer CIA lawyer who’s taught at George­town Uni­ver­si­ty, told Bloomberg.

Vanda Pharmaceuticals is making a name for itself, at least in terms of suing the FDA.

The DC-headquartered firm on Monday filed its latest suit against the agency, with the company raising concerns over the FDA’s failure to grant a fast track designation for Vanda’s potential chronic digestive disorder drug tradipitant, which is a neurokinin 1 receptor antagonist.

Specifically, Vanda said FDA’s “essential point” in its one-page denial letter on the designation pointed to “the lack of necessary safety data,” which was “inconsistent with the criteria for … Fast Track designation.”

SpringWorks Therapeutics thinks it has cemented the backbone for its first “pipeline-in-a-product” oncology treatment and will send it to the FDA before the clock strikes 2023 with a Phase III win on Tuesday.

The oral gamma secretase inhibitor, dubbed nirogacestat, beat placebo on the primary goal of progression-free survival in adults with progressing desmoid tumors.

The soft-tissue tumors can lead to long-lasting pain, disfigurement and amputation, and there are currently no approved meds for the rare oncology indication. The tumors typically impact patients aged 20 to 44 years old and disproportionately affect women at rates 2 to 3 times higher, with up to a total of 1,650 new cases diagnosed in the US annually, according to SpringWorks.