The Black Shadow hacker group which targeted the Shirbit insurance company in a cyberattack on Tuesday demanded that Shirbit send 50 bitcoin ($961,110) to their bitcoin wallet within 24 hours, in a message published on their Telegram channel on Wednesday night.
The group stated that if the money is sent, they will not disclose any data and will not sell it to anyone. The hackers have already published large collections of files containing the private information of customers and employees.
Black Shadow warned that if the money is not sent within 24 hours of 9 AM on Thursday morning, the ransom demand will rise to 100 bitcoin ($1,922,220). If another 24 hours pass, the demand will rise to 200 bitcoin ($3,847,680). "After that we will sell the data to the others," warned the hackers, adding that they will leak some more data at the end of every 24 hours.
Shortly after the message was published, the group published more files, including faxes and ID cards.
The National Cyber Directorate and Capital Market Authority said on Tuesday that it was working with Shirbit to investigate the suspected attack and that an initial probe found that insurance details were also leaked.
Although the National Cyber Directorate only announced the attack on Tuesday morning, Black Shadow posted the first leaked documents at around 9 PM on a Telegram channel on Monday evening.
Shirbit reportedly has many government employees among its clients, including the president of the Tel Aviv District Court, Gilad Noitel.
In a Telegram message to KAN, the group stated that they had other targets that they would disclose later and that they conducted the attack "for money," without further clarification.
“The Shirbit insurance company places the safety and service of its customers at the top of its priorities and is ranked year after year among the top insurance companies in Israel in its fields of activity,” company CEO Zvi Leibushor said in response to the incident.
“Shirbit has invested millions of shekels in securing databases and protecting against cyber attacks and meets all the stringent regulatory requirements in this area.”
Leibushor added that Shirbit is investing all resources and efforts needed for an “effective, safe and rapid solution to the cyber attack, whose real goal is to try to harm the Israeli economy.”
The attack comes amid a spike in ransomware attacks against insurance companies, with dozens of insurance companies in the US reporting ransomware attacks in just the past week, according to the ransomware removal and cyber security service MonsterCloud.
The attackers in the US have made ransom demands between 100,000 to millions of USD.
"Based on the recent attacks here in the US, the attacks are money driven, and even if the victim has a backup, the attacker will blackmail the victim for the ransom to prevent data leak which is huge when it comes to insurance companies. This is a new trend in the US. This type of attack is caused due to a lack of cyber security knowledge," said MonsterCloud CEO Zohar Pinhasi, to The Jerusalem Post, warning that "it seems the company has a long and turbulent road ahead."
The CEO added that it is unclear whether the same group is behind the attacks in the US, explaining that hacker groups tend to change their names often in order to protect themselves.
