June 17, 2021

Volume XI, Number 168

Advertisement

June 16, 2021

Subscribe to Latest Legal News and Analysis

June 15, 2021

Subscribe to Latest Legal News and Analysis

June 14, 2021

Subscribe to Latest Legal News and Analysis

Recent Ransomware Attacks Call for More Oversight of Crypto-Transactions

After the attacks on JBS and Colonial Pipeline, the U.S. Treasury Department will likely consider increasing its enforcement of anti-money-laundering laws and adopt new reporting requirements for cryptocurrency transactions.

In ransomware attacks, hackers demand payments after locking victims out of their computer networks; de-anonymizing payments could create a disincentive for these hackers to continue pushing such ransomware extortion schemes. Currently, hackers use digital currencies as a way to avoid regulations within the traditional financial system. If the Treasury Department applies many of the same anti-money-laundering laws to cryptocurrency transactions, it could assist in identifying the cybercriminals (and perhaps lessen the number of attacks).

What would help make these regulations effective? Well, requiring disclosure of who is using the digital wallet and where the crypto-currency ransom is being sent would be a start. Lawmakers may also want to consider oversight of the exchange of cryptocurrencies for other currencies (such as the U.S. dollar). The problem? U.S. regulations of cryptocurrency would not reach overseas, which is often where cybercriminals cash out their funds. Of course, U.S. authorities could use sanctions to prevent exchanges from transacting in U.S. dollars unless all participants agree to utilize a crypto-reporting system.

Of course, this is not the first time that this oversight has been discussed. Late last year, the Treasury Department proposed a rule to require banks and exchanges to report transactions over $10,000 using digital wallets NOT hosted by a financial institution. This is similar to the existing rules for cash withdrawals over that amount. This type of reporting rule would assist law enforcement in tracking money flows for cybercrime.

Crypto exchanges already have to report on customers’ suspicious transactions. The proposed rule would add reporting for when unhosted wallets are involved, regardless of whether the transaction is considered suspicious. Unhosted wallets are similar to anonymous bank accounts.

This proposed rule came after U.S. companies were warned that paying ransom to hackers could violate U.S. sanctions. That warning encouraged companies to cooperate with law enforcement in order to protect themselves from liability for erroneously paying a ransom to an entity on the sanction list.

A Treasury Department spokeswoman said that the proposed rule for reporting crypto- transactions “is actively moving through the rulemaking process” after receiving thousands of comments in response.

When cyber-attacks on large businesses like JBS and Colonial Pipeline affect consumers’ gas prices and the availability of meat at the grocery store, it likely will lead to increased public scrutiny and a call for action on cryptocurrency and other issues tied to ransomware.

Of course, the underlying issue in these ransomware attacks is the lax (or lack of) security safeguards to protect data housed at these companies that have been (and will be) under attack. Businesses should focus on security and prevention to stop these attacks from happening, and from having to negotiate and pay a ransom at all.

Copyright © 2021 Robinson & Cole LLP. All rights reserved.National Law Review, Volume XI, Number 161
Advertisement
Advertisement
Advertisement

TRENDING LEGAL ANALYSIS

Advertisement
Advertisement
Advertisement

About this Author

Linn F. Freedman, Robinson Cole Law Firm, Cybersecurity and Litigation Law Attorney, Providence
Partner

Linn Freedman practices in data privacy and security law, cybersecurity, and complex litigation. She provides guidance on data privacy and cybersecurity compliance to a full range of public and private clients across all industries, such as construction, education, health care, insurance, manufacturing, real estate, utilities and critical infrastructure, marine, and charitable organizations. Linn is a member of the firm's Business Litigation Group and chairs its Data Privacy + Cybersecurity Team. She is also a member of the Financial Services Cyber-Compliance Team (CyFi ...

401-709-3353
Advertisement
Advertisement