In Israel, ransomware attacks against private companies pose a new kind of national security threat

Every week approximately a thousand institutions in Israel are hit with a cyberattack. It is a constant barrage of computer infiltrations. Most are ransomware attacks, and the motive was money.

Until recently. 

In 2021, several incidents featured attackers demanding ransom, but their behavior ran counter to typical ransomware heists and suggested that lurking beneath the surface, they had different goals. They made their demands with extroverted gusto, like they intended their crime to be a public act. The targets were mainly mid-sized companies such as dating apps and insurance companies, large enough to cause public concern but not large enough to spark action from the Israeli state. Most telling, the groups behind the attacks have been linked to Iran to varying degrees. 

“I call this a hybrid threat. There are attacks that are considered political-cyber-offensive, which are by states or by non-state actors but with a political agenda,” said Gabi Siboni, the head of the cyber security program at The Jerusalem Institute for Strategy and Security. “And there are cyber criminals. But what you can see is that it’s getting mixed.”

This new generation of ransomware attacks underscores how a new front in the conflict between Iran and Israel is developing. Ostensibly financial crimes, ransomware has become a tool of statecraft with the geopolitical aim to damage the social bonds of Israeli society and public trust in the country’s institutions, rather than to damage infrastructure or extract a financial bounty.

While the Israeli Cyber Directorate has issued multiple recommendations and warnings about this new “wave of attacks,” the responsibility to protect private computer systems still rests with companies. The advent of geopolitical ransomware exploits a structural vulnerability: a route to damage the social cohesion of a country via geopolitical attacks that bypass state defenses.

Last October, in what is called the “Atraf” hack, Black Shadow, a group with links to Iran, hacked into the servers of CyberServe, an Israeli hosting company, accessing websites and applications of the company’s customers.

Among its customers was…