Israeli Insurer Declines to Pay the Ransom, and Hackers Circulate More Personal Data

Cybercriminals circulate sensitive information after the lapse of the second deadline; hackers refute the firm’s allegations of anti-Israel objective, instead of a financial reason for the attack.

On Saturday, hackers circulated more sensitive customer data they stole from Shirbit Insurance; meanwhile, the firm persisted in declining to pay about $1 million ransom ultimatum.

Pictures of the personal documents issued included credit card specifics and the car registration of a member of staff at the President’s home and also a marriage certificate and private communication. According to the hackers, they have a significant amount of more data that they will release or sell if they do not receive any cash.

Black Shadow group who is behind the attack, stated that if the sum they have asked for, 50 bitcoins or $95,000 was deposited into its account by Friday morning, the group would not sell the data or publish it. But, it cautioned after 9 a.m. Friday, the sum would double to 100 bitcoins and after 9 a.m. Saturday, it would increase to 200 bitcoins.

The hackers said that if by Sunday morning the ransom remains unpaid, they will exchange the data with third parties for cash. Shirbit issued a statement saying they ‘are not going to submit to this type of terrorism.’

The hackers circulated thousands of images of medical documents, identity cards, checkbooks, pay stubs, and other private client data on Friday.

Before the deadline on Friday, the hackers gave a statement saying, ‘Shirbit has not paid us the cash as of now. It appears that releasing the personal data of their staff, government employees, and clients, does not bother them.’

Shirbit’s Friday statement that described why they were not ready to submit to the ransom demand said that after discussions throughout the night on Thursday, ‘all the important experts unanimously agreed that cyberterrorism aims to cause strategic damage. Money is not the motivating factor behind it.’

It seemed that the firm suspected that the target of the attack was Israel, not the firm in particular. But,  the hackers refuted this allegation in discussions with the Kan public broadcaster.

‘If the government was our enemy, we would trade the data with the enemies of Israel. As of now, we have not made any deal with any person apart from the firm,’ they stated.

In the meantime, the hackers circulated screenshots supposedly of their discussions with Shirbit. It painted a picture that they are very emphatic about the financial angle, while the company’s representative seemed to try in vain to buy some time.

On Friday at 9 a.m., the leaks started on the Telegram app. on an open channel. Additionally, the Black Shadow stated after the leaks: ‘We kept our word. The firm was not willing to give us money. Shirbit confirmed to everyone that they do not deem clients’ documents to be valuable.’

They added, ‘We have a remainder of 10 terabytes of data to leak.’

The group of hackers presented screenshots of WhatsApp communication they allegedly had with a representative from Shirbit, talking on the CEO’s behalf.

The messages were written in substandard English and the Shirbit representative ‘Ilia’ tried severally without success to secure guarantees, data, and delays from the cybercrooks.

Ilia tried to strike a conversation with the hackers after they issued a cryptic ultimatum for cash and informed them that ‘similar to dating, before conducting business we should get to know one another a bit….’

Ilia tried several times to trigger the hackers’ integrity and requested them to agree for the ransom to be paid in a couple of installments and attempted to get them to disclose information.

In a section of the communication, Ilia requested them to extend the deadline to enable him to get ‘government approvals.’

He said to the hackers, ‘All right, brother, I want you to become a ‘mentch’  (usually spelled ‘mensch’), the Yiddish term for a decent individual.

After the conversation, the hackers once more said that the deadline for the payment was still 9 a.m. while Ilia tried to prolong the dialogue. At first, the attack was mentioned on Tuesday in a joint statement when the Israel National Cyber Directorate and the Capital Markets Authority verified that a cyberattack had taken place on Shirbit and the breach had led to leakage of information.

According to the statement, an investigation about a likely cyber incident started one night before because there was suspicion that the firm’s servers would be attacked.

Black Shadow admitted they were behind the attack and sent several tweets in broken English saying that they were proud of its success. They also included pictures of part of the data they took, and technical details whose aim appeared to be portraying the attack’s magnitude.

Shirbit is a real estate, travel, and vehicle insurance specialist. One month back, it was successful in bidding to offer insurance for the civil service staff in the country during 2021, reported the Walla website.