An insurance policy provider needed help to trace a ransom payment made on behalf of a policyholder who fell victim to a ransomware attack. They needed support to mitigate the risks and consider recovery options.

The challenge

Ransom payments are increasingly a reality yet bring significant risks around international sanctions and anti-terrorism legislation. When our client's policyholder was subject to a catastrophic ransomware attack, the need for forensic and investigative services was crucial – requiring real-time tracing of a bitcoin payment to mitigate these risks and formulate a recovery strategy.  

How we helped

Working in close collaboration with the client, we established a notification and tracing protocol, and utilised advanced blockchain analytics. In an innovative departure from traditional asset tracing exercises, we carried out a live-tracing of the ransomware payment in real-time using proprietary attribution software. 

The results

We successfully traced the payment to the client's satisfaction, and monitored certain elements for a period after. This gave the policyholder time to focus on restructuring systems and security protocols.

This case sets a benchmark for navigating cyber threats and emphasises the significance of early expert involvement in dealing with digital assets.

This case sets a new benchmark for navigating cyber threats and highlights the crucial role of early expert involvement in dealing with digital assets
Carmel King Partner, Asset Recovery, Grant Thornton UK LLP

About our team

The Digital Asset Recovery Team combines blockchain analytics with corporate intelligence and digital forensic techniques. We conduct investigations for clients experiencing financial loss through hacks, ransomware attacks, fraud or insider theft, and where the proceeds are dissipated in cryptocurrencies and digital assets.
Carmel King, Partner
Carmel King, Partner
Partner and Digital Asset Recovery Lead