A United Kingdom High Court ordered a proprietary injunction on Bitcoin (BTC) obtained through a ransomware attack on a Canadian insurance company. A proprietary injunction is an order which prevents a person from dealing with their own assets when it is subject of a proprietary claim : BTC Ransomware.
On Jan. 17, the UK High Court released Commercial Court Decision concerning a ransomware attack, in which over 1,000 computers of the insurance company were rendered unusable through the use of malware that encrypted files, making them unaccessible. The unidentified attackers demanded $1.2 million in Bitcoin in exchange for decrypting the data.
The firm’s insurer covered the client’s losses from cybercrime and agreed with the hackers to pay $950,000 in Bitcoin to decrypt the files, and received a tool to unlock them 24 hours after making the payment.
Still, the company needed 10 days to restore all of its systems, including 20 servers and 1,000 desktop computers.
The tool was a click through application that had to be executed on each of the Insured Customer’s encrypted systems. The time it took to decrypt the data varied from system to system due to the quantity of the files on each system and the system’s own resources, like processor and memory. The information before me is that it took decryption of 20 servers of the Insured Customer five days and 10 business days for 1,000 desktop computers.
Bitfinex asked to hand over account data – BTC Ransomware
The company’s insurer hired blockchain major analytics firm Chainalysis to track the ransom.
Those investigations involved contacting a specialist company who is a provider of software to track payment of crypto currency. That company is Chainalysis Inc, which is a blockchain investigations firm operating in New York, Washington DC, Copenhagen, and London. They are known in the public domain not least because their work was referred to in a recent High Court case of Liam David Robertson v Persons Unknown, CL-2019-000444, unreported, 15th July 2019, a decision of Moulder J, where she relied upon an analysis provided by that entity to track 80 Bitcoin to a wallet/account/address held by a crypto currency exchange called “Coinbase”.
The analysis revealed that most of the Bitcoin, 96 BTC had been immediately laundered through crypto exchange Bitfinex. The court required Bitfinex to provide any information concerning the holder of the account that received the ransom by Dec. 18, 2019.
I consider that there are three reasons why I should make an order for alternative against the third and fourth defendants as well. The first is that this is really an urgent application. It is very important that it comes to their attention quickly because it is concerned with the 96 Bitcoins which could be dissipated at any moment. That really leads on to the second point, which is that because of the very nature of Bitcoin they can be moved at the click of the mouse and therefore steps should be taken for the proprietary injunction to come to the attention of the account at the exchange at which the Bitcoin are held at the earliest possible opportunity. Thirdly, ultimately, these Bitcoin belong to the claimant, it is a proprietary claim, and it is important that the injunction is placed as soon as possible so that their rights are preserved and the risk of that property departing to an unknown location are minimised.
According to a Jan. 25 report from New Money Review, the case is still ongoing. Darragh Connell, the insurance company’s legal representative, said, “Return hearings of the interim injunction will be heard again in due course before Mr Justice Bryan who has reserved the case to himself […] As this is only the interim stage, my client’s claim will need be determined after a trial in the Commercial Court in London.”
The other aspect of the injunction, the proprietary injunction, is an application that information be provided both in terms of the identity and address of D3 and D4 and that applies to all four defendants, i.e. that D3 and D4 identify D1 and D2, equally D1 and D2 have to identify themselves, including their address, and any associated information that D3 and D4 may have in relation to D1 and D2. I am satisfied that that information is necessary to police the proprietary injunction that I have granted for the reasons that I have said and also I consider that the associated information would also be appropriate to be provided by way of pre-action disclosure in the action which the claimant is undertaking to commence forthwith against all four defendants. I will hear counsel in terms of the finalisation of the precise form of information to be provided.
In terms of timescale I can see no reason why that information should not be provided within short order. The claimant has been in correspondence with Bitfinex for some time. I have no doubt that Bitfinex has the ability to access its records and its KYC material to identify the information that is sought in relation to D1 and D2 and equally D1 and D2 clearly will know themselves that information.
What I am going to do is stagger the time by which the information has to be provided such that Bitfinex i.e. D3 and D4, should provide it by 4 p.m. next Wednesday, which I think is the 18th and that D1 and D2 provide the information by 4 p.m. on the 19th. I say that because until the information is supplied by D3 and D4 these proceedings may not come to the attention of D1 and D2 and so they would be unable to comply and it would be wrong in principle, it seems to me, to make the order for them to provide information at a time when it is possible the order may not have come to their attention.
That would mean, therefore, though, that everyone would have had to comply with the order by the return dateTherefore, for the reasons I have given I am satisfied that it is an appropriate case for the granting of a proprietary injunction in the terms that I have identified against all four defendants, and for the reasons I have given, and it is appropriate to serve the amended claim form out of the jurisdiction and I give permission to do so under the gateways I have identified, together with alternative service for the reasons I have given.
Read more Bitfinex.
Feel free to comment this BTC Ransomware article.