Shirbit Insurance in Israel became the target of a ransomware attack in recent days, with hackers from a group calling itself “Black Shadow” allegedly stealing dozens of terabytes worth of sensitive data from company servers and publicizing personal data of its customers.
The hackers demanded that Shirbit pay a ransom to prevent files being released to the public. When the company refused, the hackers began to publish sensitive information including medical and financial records of clients, images of private documents, and the ID numbers of thousands of Shirbit employees and customers, including some prominent Israeli citizens.
Shirbit refused to pay the ransom despite “Black Shadow” making good on its threat to leak and sell information to foreign intelligence agencies that may be hostile to the Jewish state.
When the data breach was first announced last Tuesday, Shirbit’s initial statement was that would not surrender to “cyber terror” and was working with government and private cyber experts.
“The company has a full backup… and the initial investigation shows that the information stolen will not cause damage to the company's customers. The company has acted to protect information resources in accordance with the directives of the authorities, and is also now fully coordinated with them," said a Shirbit official.
However, as more days passed and the data leaks continued, a rising tide of voices began criticizing Shirbit for its lack of response to the threats. Cyber security experts called Shirbit’s decision a mistake and claimed that the hackers, whose identity has been the subject of intense speculation, were very capable to follow through with their threats and cause serious damage to Israel’s economy and national security.
As a result, the Israeli government is reconsidering using Shirbit as the insurance provider for its employees.
“We take the incident seriously and are following developments on the issue and the findings of the supervisory authorities,” said the Finance Ministry, according to KAN news agency. “Decisions will be made in accordance with the findings and subject to the law.”
Zohar Pinhasi, founder and CEO of MonsterCloud, a leader in cyber security for businesses and government institutions, condemned Shirbit for its handling of the situation.
“The Pandora’s box has opened and now the company is trying to downplay the severity of the hack and frame it as a matter of ‘national security’ to prevent damage to their reputation,” Pinhasi told the Jerusalem Post. “It’s important to clarify this: no government or security body will be able to stop it. Shirbit should have paid the ransom.”
On Monday, an emergency meeting of the Knesset Science and Technology Committee was held to discuss the attack on Shirbit. There is no official state policy of paying a ransom for information.
“Responsibility for negotiations and the payment is solely the responsibility of the company,” said Amit Gal, a senior official in the Capital Markets Authority.
The ransomware attack occurred amid a tidal wave of similar attacks which have targeted insurance companies around the world in recent weeks. Most companies have paid the demanded ransom, but anecdotal evidence suggests some hackers continue to sell the information despite receiving their money.
While the identity of the “Black Shadow” group remains unclear, various experts believe there is at least one individual from or within Israel. There has also been speculation that the attackers are from Iran. One investigator involved in the case told Channel 12 on Friday that it seems more likely that a state is behind the attack, not a private group.
The All Israel News Staff is a team of journalists in Israel.