Israeli insurance company Shirbit was hit by a ransomware attack last week. The hackers demanded 50 Bitcoin within 24 hours. 50 Bitcoin is about a million dollars.
When they didn’t do that, the hackers started leaking the company’s data and doubled the ransomware demand to 100 Bitcoin or about two million dollars.
They said that if Shirbit still didn’t comply, they would raise the demand to 200 Bitcoin or about $3.8 million in the following 24 hours.
AND then they would start leaking more data every 24 hours as well as selling some of the data.
One thing of interest here is the timeline. Evey 24 hours the rules change. That means that you, as a business, need to be completely prepared because you do not have time to figure it out on the fly.
In the US, you also have to figure out whether paying the ransom is even legal and if not, what your alternatives are.
The insurance company says that they looked and the data that was stolen won’t hurt their customers. That may depend on your definition of hurt. I think that remains to be seen. You may remember that Travelex said their ransomware attack would not have a material effect on their business. Then declared bankruptcy a couple of months later.
Credit: The Jerusalem Post