Friday’s cyber attack on tens of thousands of computers worldwide exposed the vulnerability of businesses and other organizations to ransomware and extortion. Elliptic can guide banks and corporations through the ransomware process and work with law enforcement to identify attackers.
“Through our extensive work on Bitcoin ransomware in the United States, United Kingdom and Europe, we have put together a comprehensive plan for ransomware preparedness,” says Dr. James Smith, Elliptic’s co-founder and CEO.
“Most ransomware attacks follow the same general pattern,” explains Elliptic co-founder and principal investigator Dr. Tom Robinson. “The victim receives a Bitcoin (or other cryptocurrency) payment address and a deadline for payment. Most people mistakenly assume that nothing can be done to identify the perpetrator after a payment has been made.”
Elliptic works with clients to implement a four-step plan for ransomware preparedness and response, including measures to identify attackers.
1. Assess the risk
Not every ransom is worth paying. Elliptic’s team of experts may be able to decrypt the affected files; or there may be indications that the attacker will not decrypt your machine even after payment. In the case of last week’s WannaCry attack, there is no evidence as of this writing that the attacker will ever decrypt the compromised machines.
Based on its deep experience and extensive network in ransomware investigations, Elliptic provides clients with expert advice on whether to proceed with ransomware payments.
2. Get Bitcoins
Ransomware operators usually demand quick payment, sometimes in as little as 24 hours. It may be difficult for a company to secure large amounts of bitcoins in a short period of time. “Most bitcoin exchanges have a know-your-customer (KYC) policy that prohibits them from selling a significant amount of bitcoin to new customers,” explains Dr. Robinson. “Often the company will have cash ready to buy bitcoins, but the exchange cannot legally open the account and complete the transaction before the ransom is due.”
Elliptic helps its clients put together a plan to quickly access large amounts of Bitcoin and other cryptocurrencies in the event of a ransomware attack. Elliptic can help clients obtain bitcoins through its network of exchanges and liquidity providers.
3. Make the payment
Large bitcoin payments can be confusing for companies that are not used to dealing with cryptocurrencies. “Building a large Bitcoin transaction is a technical process. You have to define the right fee for the transaction, verify the destination and sign the transaction appropriately,” explains Dr. Robinson. “Too low a fee and your transaction may never clear; send it to the wrong address and your bitcoins are gone forever. It is also important that the ransomer knows which of their victims is paying.”
Elliptic will prepare and execute your transaction, or we can send one of our experts to your location to execute the transaction on the premises.
4. Identify the attacker
Bitcoin transactions are difficult but not impossible to trace. Elliptic has developed advanced Bitcoin research software and employs a team of investigators with advanced degrees in computer science and decades of experience in the world’s leading law enforcement agencies. Elliptic’s software and investigators have delivered actionable intelligence to identify ransomware and cyber extortion attackers in the US, UK and EU. “We are able to connect the dots between Bitcoin activity and real-world actors,” says Dr. Smith. “We provide our forensic investigation services only in cooperation with law enforcement and have a very high success rate in providing actionable intelligence on complex Bitcoin investigations.”
Dr. Robinson adds: “We actively monitor proceeds from ransomware and cyber extortion, and alert our Bitcoin exchange customers if they receive illicit funds. Our goal is to defeat ransomware by making it harder to launder the proceeds of these crimes.”
If you are interested in learning more about Elliptic products and services, please contact us.