Ransomware gang says it targets firms with cyber insurance

Ransomware gang says it targets firms with cyber insurance

Ransomware gang says it targets firms with cyber insurance

The Record published an interesting interview last week with “Unknown”, a representative of the notorious REvil ransomware gang.

What I found particularly fascinating was a claim made by “Unknown” that the REvil gang specifically targets firms who have taken out insurance against ransomware attacks – presumably in the understandable belief that those corporate victims are more likely to pay up.

But more than that, the claim is made that the insurance companies themselves are hacked in order to determine who the ransomware gang’s next victim should be:

Do your operators target organizations that have cyber insurance?

Yes, this is one of the tastiest morsels. Especially to hack the insurers first—to get their customer base and work in a targeted way from there. And after you go through the list, then hit the insurer themselves.

It’s certainly not unknown for cyber insurance firms to suffer a ransomware attack. For instance, a year ago the Maze ransomware gang claimed to have stolen data from Chubb.

The Maze gang are no more, having announced they had quit the ransomware business. But there are plenty of other ransomware operations that continue to follow the same business model – including REvil.

EmailSign up to our newsletter
Security news, advice, and tips.

REvil (also known as Sodinokibi) has claimed responsibility for a slew of ransomware attacks against high-value targets, threatening to release stolen data to other criminals, or publish it on the internet, if a ransom is not paid.

One of REvil’s highest profile attacks was the compromise of Travelex, the now-defunct foreign currency exchange service.

Travelex reportedly paid out $2.3 million worth of Bitcoin to the REvil gang following the attack.

Be sure to check out the full interview by Dmitry Smilyanets with REvil;s “Unknown” on The Record.

Found this article interesting? Follow Graham Cluley on Twitter to read more of the exclusive content we post.


Graham Cluley is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon’s Anti-Virus Toolkit for Windows. Now an independent security analyst, he regularly makes media appearances and is an international public speaker on the topic of computer security, hackers, and online privacy.

Follow him on Twitter at @gcluley, or drop him an email.

Leave a Reply

Your email address will not be published. Required fields are marked *