Ransomware gang says it targets firms who have cyber insurance

And what’s more, it will hack insurance firms to identify them…

Ransomware gang says it targets firms with cyber insurance

The Record published an interesting interview last week with “Unknown”, a representative of the notorious REvil ransomware gang.

What I found particularly fascinating was a claim made by “Unknown” that the REvil gang specifically targets firms who have taken out insurance against ransomware attacks – presumably in the understandable belief that those corporate victims are more likely to pay up.

But more than that, the claim is made that the insurance companies themselves are hacked in order to determine who the ransomware gang’s next victim should be:

Do your operators target organizations that have cyber insurance?

Yes, this is one of the tastiest morsels. Especially to hack the insurers first—to get their customer base and work in a targeted way from there. And after you go through the list, then hit the insurer themselves.

It’s certainly not unknown for cyber insurance firms to suffer a ransomware attack. For instance, a year ago the Maze ransomware gang claimed to have stolen data from Chubb.

The Maze gang are no more, having announced they had quit the ransomware business. But there are plenty of other ransomware operations that continue to follow the same business model – including REvil.

Sign up to our free newsletter.
Security news, advice, and tips.

REvil (also known as Sodinokibi) has claimed responsibility for a slew of ransomware attacks against high-value targets, threatening to release stolen data to other criminals, or publish it on the internet, if a ransom is not paid.

One of REvil’s highest profile attacks was the compromise of Travelex, the now-defunct foreign currency exchange service.

Travelex reportedly paid out $2.3 million worth of Bitcoin to the REvil gang following the attack.

Be sure to check out the full interview by Dmitry Smilyanets with REvil;s “Unknown” on The Record.

Found this article interesting? Follow Graham Cluley on Twitter, Mastodon, or Threads to read more of the exclusive content we post.

Graham Cluley is a veteran of the cybersecurity industry, having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows. Now an independent analyst, he regularly makes media appearances and is an international public speaker on the topic of cybersecurity, hackers, and online privacy. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

2 comments on “Ransomware gang says it targets firms who have cyber insurance”

  1. stine

    Does this mean they've hacked the re-insurers? How else can they know which companies are insured for this?

    1. Graham CluleyGraham Cluley · in reply to stine

      That does appear to be what they're claiming, yes…

      I wonder who is insuring the insurance companies?

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.