Black Shadow threatens to dump batches of its clients’ information every day until the ransom money is paid.
By Raphael Kahan, Calcalist
The cyberattack on Israeli insurance company Shirbit this week left the hackers with a huge databank of files that contain personal information on its clients and employees. Now the real reason behind the attack has become apparent, and it seems to have nothing to do with Iranian revenge or political activism, as was claimed. A message posted by the hackers on Telegram Wednesday night demanded a ransom of 50 Bitcoins, worth roughly a million dollars.
Cybercrime intelligence data company Hudson Rock tweeted out a screen capture of the message.
— Hudson Rock (@HRock) December 3, 2020
In most ransom attacks, the hackers don’t bother to post public updates and tend to hold behind-the-scenes negotiations with the victims in order to avoid attention. In this case, however, it seems that the hackers, a group that calls itself the Black Shadow, want to draw attention, perhaps in order to pressure the company into paying the ransom.
To increase the pressure for quick payment, they threatened that if their demands were not met within 24 hours, starting at 8 a.m. in Israel, the price of the ransom would double every day. They also dumped a batch of 300 of the documents online, threatening to release another batch every 24 hours until their demands are met.
The hackers promised that for the time being, they would not sell the data to others, but threatened that they would start fielding offers if their ultimatum wasn’t met. That said, it is not clear whether or not they have already sold parts or all of the stolen data. The databank they were able to get their hands on included the private details of many public service workers in Israel, because Shirbit was selected as a provider of insurance policies, particularly car insurance, for the government. This means that the information in the hackers’ possession could be of great value to foreign spy agencies, including the Iranians.
“Tonight we received a million-dollar ransom demand, alongside an ultimatum. Together with the blackmail letter, the attackers leaked details pertaining to insurance claims of several of our clients. The team of experts, alongside other agencies, are looking into the ramifications of the message and at the same time the company is preparing for a resumption of activities in a secure and measured fashion,” Shirbit said in a statement.
“Shirbit continues to make efforts to protect its clients’ information and is employing a team of private and government experts in the field of cyber. As soon as the first indication of the breach was discovered, the company blocked access to its service and is working with the relevant authorities to prevent harm to the company and its clients.”