‘You Have 24 Hours’: Hackers Demand $1m Ransom From Israeli Firm

Leading Israel insurance firm targeted in cyber attack this week gets ransom note demanding 50 bitcoin: 'If you will not pay, the price will double. After that we will sell your data'

Send in e-mailSend in e-mail
A man checks mining equipment inside their bitcoin mine near Kongyuxiang, Sichuan, China.
Illustration: A man checks mining equipment inside their bitcoin mine near Kongyuxiang, Sichuan, China.Credit: Paul Ratje/For The Washington Post via Getty Images

The hackers behind an attack on an Israeli insurance firm this week published Thursday a ransom note.

The Black Shadow group demanded that Shirbit pay out almost a million dollars within 24 hours or have the information stolen from them sold online. The hackers demanded 50 bitcoin ($950,000) and threatened to double and then triple the amount should the Israeli company refuse to pay. As of now, no amount has been transferred, according to the bitcoin address the hackers supplied, which is currently still empty. 

On Tuesday we reported that Shirbit, a mid-sized insurance firm focused predominantly on selling car insurance, was working with Israel’s cyber authority on breaches to its internal systems and servers by the hacker group.

Black Shadow's ransom note to Israeli insurance firm Shirtbit, as published on their TelegramCredit: Screen capture

The hackers managed to break into the company’s database and steal the personal details of its workers, including their payslips, as well as the personal details of Shirbit’s clients, including ID numbers, their past claims and additional information. 

Some of the hacked information is considered sensitive in part, as the firm also insures senior Israeli officials. 

The hacker group published at the time segments of the stolen information on its Twitter account and Telegram group, possibly as an attempt to pressure the firm to pay a ransom. Overnight Wednesday the ransom note finally appeared via their Telegram. 

Shiribt is being aided by official Israeli bodies, including the cyber authority, as well as private cyber firms. White Hat, which also provides cyber defense services, has long worked with Shirbit and is also consulting them on this incident. 

Zvi Leibushor, the CEO of Shirbit, initially declared the incident as over. However, the insurance company later admitted the hacked data had not been returned and stressed that it posed no threat and did not include sensitive information, indicating the event had not been fully resolved. 

On Thursday morning Shirbit published an update: “Last night we received a demand for ransom with an ultimatum to pay a million dollars. Alongside the extortion, the hackers also published details overnight about the personal details of some of our clients’ cases.”

The firm also said that “a group of experts and other bodies are examining the ramifications of the message we received. Meanwhile, the company is preparing to return to our normal operations in a supervised and secure manner.”

The insurance company added that “with the help of official and private cyber experts, Shirbit is working to protect its clients and data. With the first indication that we were facing [a security] event, the firm blocked all access to its data and worked with authorities to prevent any damage to the company or the firm.”

The coronavirus has seen a massive uptick in cyber crime. The cyber-attack on Shirbit is the latest in a string of attacks targeting Israeli firms. These include a cyber-attack on the firm Sapiens in June and another on chip manufacture Tower Semiconductor in September that caused it to temporarily halt production. It is possible that there have been other cases that remain unknown to the public. Ransomware attacks are often resolved quietly, with the victim paying out, and they have become a daily occurrence across the world. 

“There is no doubt that attacks such as these point to a systematic problem in the way Israeli firms or those serving the Israel market treat data security,” said Alon Gal, deputy head of technology at Hudson Rock, which describes itself as a “cybercrime intelligence” company.

According to data collected by Israel’s cyber authority, roughly a quarter of the country's companies and organizations have already been hit by some form of a cyber-attack. The issue has been significant enough to threaten Israel’s credit rating.

Comments