Ransomware Incident Investigation and Cryptocurrency Tracing with OSINT


This is a real case study. Our team has handled several ransomware incidents and documented the important artifacts during incident response and investigation. The incident presented here involved RaaS (Ransomware as a Service): the attacker gathered information on the victim's architecture, identified weaknesses, gained access to the victim's vulnerable servers, executed the ransomware, and encrypted the files. We investigated the incident, negotiated with the threat actor, paid the ransom, received the decryptor, and recovered the files. In the presentation we will: 1) briefly explain the incident's background; 2) show the forensic analysis of the ransomware malware and its capabilities; 3) briefly explain our methodology for tracing the cash flow from the ransomware wallet; 4) compare the existing tools for such investigations; and 5) demonstrate the tracing performed for the incident we handled.
Attendees can use the presentation as a reference for ransomware incident response and as a starting point for their own investigations, drawing on our real-world case study. Through this demo and presentation we aim to make our methodology available to law enforcement and enterprise investigators.