Elliptic’s rapid response to ransomware: A four-step plan for readiness, resolution and identifying the attacker

Are you cyber aware?

Friday’s cyberattack on tens of thousands of computers around the world revealed businesses’ and other organisations’ vulnerability to ransomware and extortion. Elliptic (www.elliptic.co) is a Bitcoin intelligence firm that can guide banks and corporations through the ransomware process and work with law enforcement to identify the attackers.

Dr James Smith, Elliptic’s co-founder and CEO said: “Through our extensive Bitcoin ransomware work in the United States, United Kingdom, and Europe, we have put together a comprehensive plan for ransomware readiness.”

“Most ransomware attacks follow the same general pattern,” explains Elliptic co-founder and lead investigator Dr Tom Robinson. “The victim is given a Bitcoin (or other cryptocurrency) payment address, and a deadline to make payment. Most people incorrectly assume there is nothing that can be done to identify the perpetrator after payment is made.”

Elliptic works with clients to deploy a four-step plan for ransomware readiness and response, including measures to identify the attacker.

1. Assess the risk:

Not all ransomware is worth paying. Elliptic’s team of experts may be able to decrypt the ransomware; or there may be indications that the attacker will not decrypt your machine even after payment. In the case of Friday’s WannaCry attack, there is no evidence at the time of writing that the attacker will ever decrypt the compromised machines.

Based on its deep experience and extensive network in ransomware investigations, Elliptic provides clients with an expert recommendation on whether to proceed with the ransomware payment.  

2. Obtain the Bitcoins:

Ransomware operations usually demand payment quickly, sometimes in as little as 24 hours. It can be difficult for a company to secure large quantities of Bitcoins at short notice. “Most Bitcoin exchanges have Know Your Customer (KYC) policies that prohibit them from selling new clients a significant amount of Bitcoins,” explains Robinson.

“Often a company will have the cash ready to purchase Bitcoins, but the exchange cannot legally open an account and complete the transaction before the ransom is due.”

Elliptic helps its clients draw up a plan to rapidly access large volumes of Bitcoins and other cryptocurrencies in case of a ransomware attack.

Elliptic can help clients obtain Bitcoins through its network of exchanges and liquidity providers.  

3. Make the payment:

Robinson said that large Bitcoin payments can be confusing for companies that are not used to dealing in cryptocurrencies. “Constructing a large Bitcoin transaction is a technical process. You need to define the right transaction fee, verify the destination, and sign the transaction appropriately. Too low a fee and your transaction might never clear; send it to the wrong address and your Bitcoins are gone forever. It’s also important that the ransomer knows which of their victims is making the payment.”

Elliptic will prepare and execute your transaction, or we can also dispatch one of our experts to your location to perform the transaction on the premises.

4. Identify the attacker:

Bitcoin transactions are difficult but not impossible to trace. Elliptic has developed advanced Bitcoin investigation software and employs a team of investigators with advanced degrees in computer science and decades of experience in the world’s top law enforcement agencies. Elliptic’s software and investigators have delivered actionable intelligence to identify ransomware and cyber-extortion attackers in the US, UK, and EU.

Smith said: “We are able to connect the dots between Bitcoin activity and real world actors.”

“We only provide our forensic investigation services in collaboration with law enforcement, and we have a very high success rate in delivering actionable intelligence on complex Bitcoin investigations.”

Robinson added: “We actively trace proceeds of ransomware and cyber extortion, and we alert our Bitcoin exchange customers if they receive illegal funds. Our goal is to defeat ransomware by making it extremely difficult to launder the proceeds of these crimes.”

If you are interested in learning more about Elliptic’s products and services, please complete the contact form at www.elliptic.co

About Elliptic:

We reveal the truth behind Bitcoin activity. Elliptic’s team of computer scientists and former law-enforcement agents has developed software to make Bitcoin activity more transparent and accountable.

Today the world’s largest banks and Bitcoin exchanges use Elliptic software to monitor billions of dollars in Bitcoin transactions every month, and the top law enforcement agencies use Elliptic software to investigate Bitcoin’s role in cases of terrorist financing, arms trafficking, child pornography, and blackmail.

Elliptic’s software is recognised in the Bitcoin industry as the standard for regulatory compliance and forensic investigations.

Elliptic is based in London and Washington DC.
