[BreachExchange] Digital Assets: Nasdaq-Listed Software Company Sapiens Paid $250K Ransom to Hackers Amidst COVID

Destry Winant destry at riskbasedsecurity.com
Mon Jun 29 10:33:12 EDT 2020


The company chose not to report the incident to U.S. or Israeli
exchange authorities, according to Calcalist.

Sapiens International Corp. N.V. (NASDAQ: SPNS), an Israeli software
company listed both on the Nasdaq and in Tel Aviv, was allegedly
forced to pay $250,000 in bitcoin to hackers amidst the COVID-19
crisis. (Calcalist Tech)

Quoting an anonymous source, Calcalist said the hackers took advantage
of the COVID-19 situation when most of Sapiens’ employees had to work
from home. They allegedly threatened to shut down the firm’s computers
unless paid the ransom.

Sapiens shook down for 250K BTC

Sapiens develops software for hundreds of insurance and finance
companies around the world. The company is based out of Holon, a
suburb of Tel Aviv, and employs 2,500 people out of which 900 work in

The hackers exploited security loopholes in the system, possibly due
to the sudden unplanned shift to remote working from home following
the outbreak of the coronavirus.

In a typical ransom attack, an unsuspecting victim clicks on a link
sent via a chat or email. After clicking the link, the victim connects
to a malicious website that implants a malicious code on their
computer, and thereafter the corporate system.

The code allows the remote bad actors to hijack control of the entire
system and shut it down if need be. That is exactly what they
threatened to do to Sapiens. The alternative: cough up a ransom.

To cover their tracks, and obliterate proof of payment, the cyber
villains usually demand their ransom in a cryptocurrency such as

According to Calcalist, Sapiens thereafter had to pay $250,000 in
bitcoin. The company did not report the matter to the Israeli or
Nasdaq exchanges.

Sapiens has neither confirmed nor denied the report, the Calcalist said.

Knoxville, TN hit by a ransom attack

Meanwhile, the City of Knoxville, TN was forced to bring down its IT
network after a ransomware attack last week.

COO David Brice confirmed receipt of an undisclosed ransom demand.

The officials suspect that the attack was triggered because an
employee mistakenly clicked a phishing email.

However, the malicious software infected multiple systems, including
the Knoxville Police Department before its detection.

Previously, other local governments such as  Atlanta, Baltimore, and
New Orleans have suffered systems outages due to such malevolent

More information about the BreachExchange mailing list