In view of the U.S. Department of Justice’s (DOJ) successful seizure of most of the cryptocurrency paid ($2.3 million) to the ransomware hackers by Colonial Pipeline last month — and my continued use of the UK RUSI report as a reference — this is a good time to jump ahead in the report and consider Part Three, titled “The Role of Financial Disruption in Tackling IP Crime.”
Part Three of the report addresses the need for financial institutions to disrupt the ability of thieves to collect the proceeds of their crimes.
One sub-section is titled, “Crypto-Asset Service Providers.”
As an IP investigations and protection blogger, I am interested to know how the DOJ could seize the cryptocurrency, and the answer was provided in the RUSI report,
“… blockchain analytics, namely the ability to analyse publicly available transaction data recorded on the respective virtual asset’s blockchain.”
And to reinforce the notion of applying this seizure technology, a blog post by Dr. Tom Robinson, Co-Founder and Chief Scientist at Elliptic, titled “US Authorities Seize Affiliate’s Share of the Darkside Ransom Paid by Colonial Pipeline,” details how his company was able to identify the Colonial Pipeline bitcoin transaction in particular, and says,
“This action by US authorities demonstrates the value of blockchain analytics to track down proceeds of crime in cryptocurrency, and ensure that ransomware does not pay for the criminals behind it.”
*Elliptic is a blockchain analytics financial compliance firm.
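The RUSI quote above describes the technique in one line: follow publicly recorded transactions from the address that received the ransom. The following is an added example (not code from the post, RUSI, or Elliptic) of that forward tracing over a small constructed ledger. The transaction records, addresses, and integer amounts are all invented for illustration; real analytics tooling works on actual chain data and adds heuristics such as address clustering and exchange attribution that this toy omits. It shows which addresses the payment reaches at each hop, which of them still hold funds (the candidates for a seizure request), and the chain of transaction IDs from the ransom address to any of them, which is the evidentiary record an investigator would hand to counsel or law enforcement.

```python
"""Toy forward-tracing of a ransom payment over a constructed transaction ledger."""
from collections import deque

# Constructed ledger for illustration only: amounts are integer units, not real BTC,
# and the addresses/txids are invented. Each transaction spends whole earlier
# outputs (inputs) and creates new outputs; any shortfall is the miner fee.
LEDGER = [
    {"txid": "tx_ransom", "inputs": [("victim", 7500)],
     "outputs": [("ransom_addr", 7500)]},
    {"txid": "tx_split", "inputs": [("ransom_addr", 7500)],
     "outputs": [("affiliate_1", 6370), ("operator_1", 1130)]},
    {"txid": "tx_hop", "inputs": [("affiliate_1", 6370)],
     "outputs": [("affiliate_2", 6360)]},          # 10 units paid as fee
    {"txid": "tx_unrelated", "inputs": [("alice", 200)],
     "outputs": [("bob", 200)]},                   # noise: never touched by the trace
]


def spends_by_address(ledger):
    """Index: address -> list of transactions that spend from that address."""
    idx = {}
    for tx in ledger:
        for addr, _amount in tx["inputs"]:
            idx.setdefault(addr, []).append(tx)
    return idx


def trace_forward(ledger, seed, max_hops=None):
    """Breadth-first walk of the spend graph starting at `seed`.

    Returns {address: (hop, previous_address, txid)} for every address the
    funds reach; the seed itself is recorded at hop 0 with no predecessor.
    """
    idx = spends_by_address(ledger)
    reached = {seed: (0, None, None)}
    queue = deque([seed])
    while queue:
        addr = queue.popleft()
        hop = reached[addr][0]
        if max_hops is not None and hop >= max_hops:
            continue
        for tx in idx.get(addr, []):
            for out_addr, _amount in tx["outputs"]:
                if out_addr not in reached:
                    reached[out_addr] = (hop + 1, addr, tx["txid"])
                    queue.append(out_addr)
    return reached


def balances(ledger):
    """Net balance per address: outputs received minus inputs spent."""
    bal = {}
    for tx in ledger:
        for addr, amount in tx["inputs"]:
            bal[addr] = bal.get(addr, 0) - amount
        for addr, amount in tx["outputs"]:
            bal[addr] = bal.get(addr, 0) + amount
    return bal


def resting_funds(ledger, reached):
    """Traced addresses that still hold a positive balance (where proceeds sit now)."""
    bal = balances(ledger)
    return {addr: bal[addr] for addr in reached if bal.get(addr, 0) > 0}


def path_to(reached, addr):
    """Ordered (from_address, txid, to_address) hops from the seed to `addr`."""
    steps = []
    while reached[addr][1] is not None:
        _hop, prev, txid = reached[addr]
        steps.append((prev, txid, addr))
        addr = prev
    return list(reversed(steps))


if __name__ == "__main__":
    reached = trace_forward(LEDGER, "ransom_addr")
    for addr, (hop, _prev, txid) in sorted(reached.items(), key=lambda kv: kv[1][0]):
        print(f"hop {hop}: {addr} via {txid}")
    print("funds resting at:", resting_funds(LEDGER, reached))
    print("path to affiliate_2:", path_to(reached, "affiliate_2"))
```

The `max_hops` argument bounds how far the walk follows the money, which matters in practice because a wide, unbounded walk soon pulls in exchange hot wallets that mix many customers' funds; analysts stop at the first hop into a regulated service and serve legal process there instead.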
This is encouraging news. It is important for IP investigators, attorneys, and CEOs to know there is a technology that can track a cryptocurrency ransom payment after it is made.
The hackers may remain anonymous (for now), but there is a mechanism by which to retrieve the extortion payout before the criminals empty their cryptocurrency wallets.
NOTIFY LAW ENFORCEMENT IMMEDIATELY
This seizure illustrates the benefits of making a prompt notification to law enforcement when attacked. But, can all companies expect the same response from law enforcement?
As we know, most ransomware attacks do not affect critical infrastructure. Companies with IP taken hostage (i.e., trade secrets) often pay a ransom in the thousands of dollars instead of millions. These cases may not receive as urgent a law enforcement response (even though we applaud DOJ’s recent establishment of the “Ransomware and Digital Extortion Task Force”).
CAN COMPANIES RETRIEVE THEIR RANSOMWARE-PAYOUT THROUGH AN EX PARTE SEIZURE ORDER?
It may be worthwhile for companies (that pay a ransom in cryptocurrency) to contract with a blockchain analysis firm, and, if the analysis identifies the crypto wallet with the ransom payment, to consider applying for an ex parte seizure order under the Defend Trade Secrets Act.
Of course, it won’t take long for hackers to adjust to cashing out as soon as the ransom lands in their cryptocurrency account.
Traditionally, for example, fraudsters — through (paper currency) bank accounts attached to their shell companies — cash out and vanish as soon as a victim’s money lands.
Comment:

This is an excellent edition. The FBI and other Cyber Security entities combined their efforts for this successful conclusion. To be certain, there is more work to be done.

Tom Manley, Special Agent, FBI-Retired