
A victim's insurance company convinced the UK courts to freeze a bitcoin wallet containing over $800K worth of a ransomware payment.
In October 2019, a Canadian insurance company was hacked by the Bitpaymer Ransomware operators who encrypted 1,000 computers and 20 servers. To receive a decryptor, the operators demanded $1.2 million as a ransom payment.
As the victim had a cyber insurance policy, their insurance carrier agreed to pay and, after negotiations, was able to reduce the ransom paid to $950 thousand in bitcoins.
Tracking the ransom payment
After making the ransom payment, the insurance carrier did something very smart.
They worked with blockchain data analysis company Chainalysis to track down the ransom payment to a wallet hosted at the Bitfinex cryptocurrency exchange. This wallet contained 96 bitcoins or approximately $860,000 at today's prices.
In a private hearing with UK courts, the insurance carrier requested that this wallet be frozen and that Bitfinex turn over information about the owners of the wallet.
The court documents state that the hearing was held in private to prevent the wallet holders from being tipped off and transferring the bitcoins elsewhere. There was also concern that the Bitpaymer actors would take revenge on the original victim by releasing confidential information or stolen data.
"If the hearing were to be held in public there is a strong likelihood that the object of the application would be defeated. First of all, there would be the risk, if not the likelihood, of the tipping off of persons unknown to enable them to dissipate the Bitcoins held at the second defendant's account with Bitfinex, the real possibility of reprisal or revenge cyber attacks on either the Insurer or indeed the Insured Customer by persons unknown, the possibility of copycat attacks on the Insurer, and/or the Insured Customer and the revealing of confidential information considering the Insurer's processes and the Insured Customer's systems which will be necessary on this application, in circumstances where the vulnerability of those very systems form the basis for the blackmail itself."
On January 17th, 2020, the courts granted a proprietary injunction to the claimant, which requires Bitfinex to freeze the wallet and not allow any transactions to occur with the wallet's cryptocurrency holdings.
Victims fight back against ransomware operators
This is an interesting tactic conducted by the insurance carrier as it allowed the victim to recover their files, but could also allow the carrier to recover a large portion of the ransom payment.
This is also not the first time that legal action has been taken by victims against ransomware operators.
Last month, ransomware victim Southwire sued the Maze operators for encrypting their network and publishing the company's stolen data. Counsel for Southwire also requested injunctive relief from the courts of Ireland to take down a site that was hosting stolen data that belonged to them.
While the Southwire lawsuit was filed against unknown actors, these legal actions are allowing victims to receive injunctions against other companies that are being used by the ransomware operators.
This includes sites that are hosting stolen data and now cryptocurrency exchanges that ransomware operators use to store their ill-gotten gains.
We can expect to see these legal tactics being used more commonly by victims, but they do pose a risk.
As ransomware operators are increasingly stealing data before encrypting computers, taking legal action against a ransomware operator may cause the threat actors to seek reprisals such as releasing the stolen data or further attacks.
H/T CoinTelegraph
Comments
Dominique1 - 1 week ago
Keeping bitcoins in exchange wallets is the stupidest idea ever. Thieves doing that especially deserve the jail time. Exchanges can disappear like Quadriga did. As for myself, COINBASE stole $60 from me by locking me out of my account. NEVER AGAIN! Lesson learned the hard way! I need my bitcoin encryption keys; if it's not possible, those systems are scams.
woody188 - 3 days ago
Problem with crypto-currency is that it has no intrinsic value. It's worth what someone else will pay you for it. And if the power goes out, did you ever really have anything to begin with?
Add in the forking forever, and really all crypto-currencies are just digital fiat.