
‘Be a mensch’: Hackers leak negotiation texts as Israeli insurer refuses ransom

Cybercriminals release sensitive data as Shirbit laments ‘terrorism,’ claims attack is meant to cause strategic harm with no financial motive; talks appear to show otherwise

Illustrative: Hacker using laptop on abstract binary code map background. (Peshkov/ iStock, by Getty Images)

Hackers published sensitive client information stolen from Shirbit Insurance after the company refused on Friday to pay the approximately $1 million ransom demanded.

The information published included thousands of photos of identity cards, medical documents, paystubs, checkbooks and other personal customer information, according to Channel 12 news.

The hackers have now doubled their ransom demands, and say they possess a wealth of further information that will be leaked or sold if they are not paid.

Shirbit said in a statement that they “will not give in to this kind of terrorism.”

The group responsible for the attack, Black Shadow, had said that if the requested sum of 50 bitcoins ($950,000) was transferred into its account by Friday morning it would not publish or sell the information. However, it warned that the sum would double to 100 bitcoins after 9 a.m. Friday and to 200 bitcoins after 9 a.m. Saturday.

If the ransom is not paid by Sunday morning, the hackers said, they will sell the information to third parties.

Before the deadline, the hackers released a statement that said “Shirbit has not paid us the money yet. It seems like the leak of the private details of their customers, employees, and government employees is not important to them.”

In a Friday statement explaining their refusal to pay the demanded sum, Shirbit said that after negotiations all Thursday night, “all the relevant professionals came to the unanimous conclusion that cyberterrorism is aimed at causing strategic harm — and there is no financial motive behind it.”

The company appeared to insinuate that the attack was targeting Israel, rather than the company specifically. However, Channel 12 news said there was no evidence of this.

Meanwhile, the hackers released screenshots of their supposed conversations with Shirbit, which appeared to show them highly focused on the financial aspect, while a representative for the company appeared to engage in futile stalling attempts.

At 9 a.m. Friday the leaks began on an open channel on the Telegram app.

Illustrative photo of a hacker breaking into a computer. (gorodenkoff via iStockPhoto)

Black Shadow also released a statement following the leaks, saying: “We did what we promised. The company did not want to pay us. Shirbit proved to everyone that clients’ documents are not important to them,” adding that “we still have ten terabytes of information left [to leak].”

The hacker group released screenshots of alleged WhatsApp correspondence they had with a representative of Shirbit, communicating on behalf of the CEO.

In the messages, in rather poor English, “Ilia,” the Shirbit representative, engaged in several failed attempts to secure assurances, information and delays out of the cybercriminals.

In an attempt to draw the hackers into a conversation after their curt demand for the money, Ilia told them that before doing business, “like dating, we need to [k]now each other a little…”

Alleged screenshots of the negotiations between Shirbit insurance and a hacker group blackmailing the company, as supplied by the hackers, December 4, 2020 (Courtesy)

More than once Ilia attempted to appeal to the hackers’ sense of honor, asked to make the ransom payment in two installments, and tried to pry information out of them.

In one part of the exchange, Ilia, asking to put off the deadline so he could secure “government approvals,” told the hackers “ok bro. I need you to be a mentch” — referring to the Yiddish word for a good person, usually spelled “mensch.”

The exchange ended with the hackers’ repeated statement that payment was necessary by 9 a.m. and Ilia’s attempts to continue the conversation.

The attack was originally announced in a joint statement Tuesday when the Capital Markets Authority and the Israel National Cyber Directorate confirmed that there had been a cyberattack on Shirbit and that information had leaked in the breach.

The statement said that an investigation into a possible cyber incident had begun the night before amid suspicions of an attack on the company’s servers.

Black Shadow took responsibility for the attack, boasting of its success in a series of tweets in poorly-written English that included images of some of the information taken, as well as technical details apparently intended to show the scale of the assault.

“A huge cyberattack has been taken place by Black Shadow team,” the group tweeted. “There has been a massive attack on the network infrastructure of Shirbit Company, which is in Israel economic sphere.”

“In this action, in addition to serious damage to data centers, information of a significant part of the company’s subscribers has been leaked,” the group continued, saying it had taken “subscribers identity documents, financial statements and other company-related documents.”

“Also all of customer’s and employee’s identities have been hacked,” Black Shadow said. It did not give any motive for the hack.

Shirbit specializes in real estate, auto and travel insurance. A month ago it won a bid to provide auto insurance for the country’s civil service employees during 2021, the Walla website reported.
