Ride the Lightning

REvil Ransomware Gang Hacks Insurance Companies to Target Victims with Cyberinsurance

March 23, 2021

Graham Cluley reported on March 22 that The Record published an interesting interview recently with “Unknown”, a representative of the notorious REvil ransomware gang.

The representative said that the REvil gang specifically targets firms who have taken out insurance against ransomware attacks – because those victims are more likely to pay the ransom.

Further, “Unknown” said that the insurance companies themselves are hacked in order to figure out who the ransomware gang’s next victim should be:

Here is a compelling question and answer:

“Do your operators target organizations that have cyber insurance?”

“Yes, this is one of the tastiest morsels. Especially to hack the insurers first—to get their customer base and work in a targeted way from there. And after you go through the list, then hit the insurer themselves.”

A year ago the Maze ransomware gang, now “retired”, claimed to have stolen data from Chubb.

REvil (also known as Sodinokibi) has claimed responsibility for many ransomware attacks against high-value targets, threatening to release stolen data to other criminals, or publish it on the internet, if a ransom is not paid.

One of REvil’s highest profile attacks was the compromise of Travelex, the now-defunct foreign currency exchange service.

Travelex reportedly paid out $2.3 million worth of Bitcoin to the REvil gang following the attack.

If you think about it, penetrating and exfiltrating data from insurance companies makes complete sense – and I appreciated the raw irony of then, lastly, attacking the insurer itself.

Sharon D. Nelson, Esq., President, Sensei Enterprises, Inc.
3975 University Drive, Suite 225|Fairfax, VA 22030
Email:  Phone: 703-359-0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com
https://twitter.com/sharonnelsonesq
https://www.linkedin.com/in/sharondnelson
https://amazon.com/author/sharonnelson