The UK High Court of Justice approved a freezing injunction on over $1 million paid by an English insurance company to ransomware actors.

The Honorable Mr. Justice Bryan announced his approved judgement in a decision released for publication by the High Court of Justice on January 17, 2020.

As relayed in the judgement, a Canadian insurance company suffered a ransomware infection in the fall of 2019 when malicious actors slipped past its security defenses and encrypted its systems using BitPaymer. They then dropped a ransom note on the encrypted systems. This message read as follows:

Hello [insured customer] your network was hacked and encrypted. No free decryption software is available on the web. Email us at […] to get the ransom amount. Keep our contact safe. Disclosure can lead to impossibility of decryption. Please use your company name as the email subject.

The Canadian insurance company was insured by an English insurance company against digital crime at the time of the attack. This English firm instructed an incident response company to negotiate with the attackers on behalf of its customer.

Through these negotiations, the parties eventually agreed to a deal in which the English insurance company sent 109.25 bitcoin (worth approximately 1,017,500 USD at the time of writing) to the attackers. Those individuals, in turn, sent over a decryption tool that the Canadian insurance company used to restore its systems. It took the company five days to restore 20 servers and 10 days to recover 1,000 desktop computers.

The incident didn’t end there, however. The English insurance company conducted an investigation into where its bitcoin payment had gone. Its efforts revealed that the ransomware actors had deposited about 96 bitcoins into an unknown individual’s (Read more...)