Cyber Incident Victim: Sapiens International Corporation
Date:
Jun 2020
Location:
Israel
Summary
Sapiens International Corporation paid a $250,000 Bitcoin ransom to hackers who compromised its systems during a shift to remote work, exploiting security vulnerabilities. The software provider for global insurance and finance clients did not report the incident to exchange authorities. Attackers deployed ransomware via malicious links, seizing control of computers and demanding cryptocurrency payment, disrupting operations without public confirmation or denial from the organization.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
In June 2020, Sapiens International Corporation, a Holon-based software developer serving insurance and financial sectors globally, experienced a ransomware attack that disrupted its operations. Hackers infiltrated the company’s systems, likely exploiting security vulnerabilities arising from its rapid transition to remote work during the COVID-19 pandemic. The attackers deployed malicious code—typically distributed through phishing emails or compromised links—to seize control of Sapiens’ computers and networks, threatening to lock the company out permanently unless a ransom was paid. Faced with operational paralysis, Sapiens negotiated with the threat actors and ultimately transferred $250,000 in Bitcoin to secure the release of its systems. The company did not disclose the incident to U.S. or Israeli securities regulators, maintaining confidentiality throughout the event. This attack occurred amid reported revenue growth in Sapiens’ primary markets, with Q1 2020 earnings rising 16.7% year-over-year in the U.S. ($44.5 million) and 25% in Europe ($40.2 million), contrasting with declines in Asia Pacific and South African operations.
The incident exemplified prevalent ransomware tactics observed during the pandemic, where threat actors targeted organizations adapting to distributed workforces. Coveware’s industry analysis indicated such attacks averaged $40,000 in ransom demands during 2019, with 98% of victims regaining system access after payment—a statistic aligning with Sapiens’ reported outcome. The attackers leveraged Bitcoin’s anonymity to obscure their identities, a common practice in cyber extortion schemes. While Sapiens did not publicly confirm operational disruptions or data compromise, the attack highlighted sector-specific risks for software providers handling sensitive financial client data. The company, employing 2,500 personnel worldwide including 900 in Israel, faced no disclosed regulatory penalties or client attrition linked to the event. Its decision against formal disclosure contrasted with typical breach notification protocols, reflecting strategic handling of reputational and legal exposure. Financial filings showed no immediate material impact on reported earnings following the incident.