Ransomware gang says it targets firms who have cyber insurance

And what’s more, it will hack insurance firms to identify them…

The Record published an interesting interview last week with “Unknown”, a representative of the notorious REvil ransomware gang.

What I found particularly fascinating was a claim made by “Unknown” that the REvil gang specifically targets firms who have taken out insurance against ransomware attacks – presumably in the understandable belief that those corporate victims are more likely to pay up.

But more than that, the claim is made that the insurance companies themselves are hacked in order to determine who the ransomware gang’s next victim should be:

Do your operators target organizations that have cyber insurance?

Yes, this is one of the tastiest morsels. Especially to hack the insurers first—to get their customer base and work in a targeted way from there. And after you go through the list, then hit the insurer themselves.

It’s certainly not unknown for cyber insurance firms to suffer a ransomware attack. For instance, a year ago the Maze ransomware gang claimed to have stolen data from Chubb.

The Maze gang are no more, having announced they had quit the ransomware business. But there are plenty of other ransomware operations that continue to follow the same business model – including REvil.

REvil (also known as Sodinokibi) has claimed responsibility for a slew of ransomware attacks against high-value targets, threatening to release stolen data to other criminals, or publish it on the internet, if a ransom is not paid.

One of REvil’s highest profile attacks was the compromise of Travelex, the now-defunct foreign currency exchange service.

Travelex reportedly paid out $2.3 million worth of Bitcoin to the REvil gang following the attack.

Be sure to check out the full interview by Dmitry Smilyanets with REvil's “Unknown” on The Record.

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

2 comments on “Ransomware gang says it targets firms who have cyber insurance”

  1. stine

    Does this mean they've hacked the re-insurers? How else can they know which companies are insured for this?

    1. Graham Cluley · in reply to stine

      That does appear to be what they're claiming, yes…

      I wonder who is insuring the insurance companies?
