Hackers published additional sensitive client information stolen from Shirbit Insurance on Saturday, as the company continued to refuse to pay the approximately $1 million ransom demanded.
Images of private documents released included the vehicle registration and credit card details of an employee at the President’s Residence, as well as personal correspondence and a marriage certificate. The hackers say they possess a wealth of further information that will be leaked or sold if they are not paid.
The group responsible for the attack, Black Shadow, had said that if the requested sum of 50 bitcoins ($950,000) was transferred into its account by Friday morning it would not publish or sell the information. However, it warned that the sum would double to 100 bitcoins after 9 a.m. Friday and to 200 bitcoins after 9 a.m. Saturday.
If the ransom is not paid by Sunday morning, the hackers said, they will sell the information to third parties.
Shirbit said in a statement that they “will not give in to this kind of terrorism.”
On Friday, the hackers published thousands of photos of identity cards, medical documents, paystubs, checkbooks and other personal customer information.
Before the Friday deadline, the hackers released a statement that said “Shirbit has not paid us the money yet. It seems like the leak of the private details of their customers, employees, and government employees is not important to them.”
In a Friday statement explaining their refusal to pay the demanded sum, Shirbit said that after negotiations all Thursday night, “all the relevant professionals came to the unanimous conclusion that cyberterrorism is aimed at causing strategic harm — and there is no financial motive behind it.”
The company appeared to insinuate that the attack was targeting Israel, rather than the company specifically. However, in an exchange with the Kan public broadcaster, the hackers denied the claim.
“If we were the enemy of the state, we would sell the information to Israel’s enemies. So far we have not negotiated with anyone other than the company,” the said.
Meanwhile, the hackers released screenshots of their supposed conversations with Shirbit, which appeared to show them highly focused on the financial aspect, while a representative for the company appeared to engage in futile stalling attempts.
At 9 a.m. Friday the leaks began on an open channel on the Telegram app.
Black Shadow also released a statement following the leaks, saying: “We did what we promised. The company did not want to pay us. Shirbit proved to everyone that clients’ documents are not important to them,” adding that “we still have ten terabytes of information left [to leak].”
The hacker group released screenshots of alleged WhatsApp correspondence they had with a representative of Shirbit, communicating on behalf of the CEO.
In the messages, in rather poor English, “Ilia,” the Shirbit representative, engaged in several failed attempts to secure assurances, information and delays out of the cybercriminals.
In an attempt to draw the hackers into a conversation after their curt demand for the money, Ilia told them that before doing business, “like dating, we need to [k]now each other a little…”
More than once Ilia attempted to appeal to the hackers’ sense of honor, asked to make the ransom payment in two installments, and tried to pry information out of them.
In one part of the exchange, Ilia, asking to put off the deadline so he could secure “government approvals,” told the hackers “ok bro. I need you to be a mentch” — referring to the Yiddish word for a good person, usually spelled “mensch.”
The exchange ended with the hackers’ repeated statement that payment was necessary by 9 a.m. and Ilia’s attempts to continue the conversation.
The attack was originally announced in a joint statement Tuesday when the Capital Markets Authority and the Israel National Cyber Directorate confirmed that there had been a cyberattack on Shirbit and that information had leaked in the breach.
The statement said that an investigation into a possible cyber incident had begun the night before amid suspicions of an attack on the company’s servers.
Black Shadow took responsibility for the attack, boasting of its success in a series of tweets in poorly-written English that included images of some of the information taken, as well as technical details apparently intended to show the scale of the assault.
Shirbit specializes in real estate, auto and travel insurance. A month ago it won a bid to provide auto insurance for the country’s civil service employees during 2021, the Walla website reported.