Crypto Recoveries are Real and Can Break Ransomware Cycle

This article was originally published in Blockchain Industry Review, a Crypto Curry Club Magazine published monthly and available in soft copy and in print.

Written by Guest Contributor, Mathew Green, IP, Tech, Media and Commercial Lawyer of boutique litigation firm, Brandsmiths

Recent newsreels are littered with stories of ransomware attacks, payment of cryptocurrencies to reobtain access to systems and data, and gestured debates on whether these ransoms should be paid.

But one fundamental aspect of this debate is missing: the idea of recovering the cryptofunds paid to satisfy the demands. Recovery ultimately prevents the hackers from profiting from their actions and eliminates their raison d'être. It also ensures funds are rightfully returned to the victim. Here the process is driven by the victim to reclaim their assets, rather than by law enforcement, who chase the bad guys and do not always have the capabilities or will to recover the assets for the wronged.

To many, the road to recovery appears insurmountable. Cryptoassets must be traced and located, and the account holders must be de-anonymised, even before those assets can be frozen and returned to the victim. Not only has this been done, but the process has been approved in and by the UK Courts (see our press release and our High Court judgment), setting an established path for more crypto ransoms to be recovered.

So how is this done?

The process

By their design, blockchains allow for assets to be traced, so monitoring ransoms paid and their traceable proceeds should be straightforward. Established leaders like Chainalysis and Elliptic, through to solitary bedroom detectives, provide tracing services and can map out a ransom’s journey across blockchains. The key is to understand what to do with the evidence detailing the whereabouts of the cryptoassets and when to pounce.

Criminal enterprises need to cash out and turn crypto into fiat currency (like pounds, dollars, euros etc.) and this is where the exchanges come in. Exchanges are the gateway and can assist in both the freezing of funds and the revealing of who owns the account the funds sit within. They usually play ball with lawyers and investigators for several reasons: to uphold the integrity of the industry from which they profit, to at least be seen to comply with increasingly relevant financial regulations which propel them to legitimacy, and because they do not want to be seen to assist criminals and withhold criminal funds. In short, their cooperation is motivated by PR and financial regulations, both of which are crucial in validating the industry as a whole.
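The tracing step described above, as an added sketch that is not from the original article or from any tracing vendor: it follows a ransom payment forward through a constructed ledger until the funds reach addresses labelled as exchange deposits, the point at which a freezing and disclosure request can be directed at the exchange. The ledger, address names, exchange labels and the rule that traceable funds leave an address first are all assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample ledger: (sequence, txid, sender, receiver, amount in BTC).
TRANSFERS = [
    (1, "tx1", "victim", "ransom_addr", 10.0),   # the ransom payment
    (2, "tx2", "ransom_addr", "hop_a", 6.0),
    (3, "tx3", "ransom_addr", "hop_b", 4.0),
    (4, "tx4", "unrelated", "hop_a", 2.0),       # clean funds mixed in
    (5, "tx5", "hop_a", "exch_x_deposit_1", 7.0),
    (6, "tx6", "hop_b", "hop_c", 4.0),
    (7, "tx7", "hop_c", "exch_y_deposit_9", 3.0),
]

# Constructed attribution labels (hypothetical exchanges and addresses).
EXCHANGE_LABELS = {
    "exch_x_deposit_1": "Exchange X",
    "exch_y_deposit_9": "Exchange Y",
}

def trace_ransom(transfers, ransom_txid, labels):
    """Follow the ransom forward; return (exchange findings, unlocated balances)."""
    traceable = defaultdict(float)   # address -> ransom-derived balance held
    findings = []
    started = False
    for _, txid, src, dst, amount in sorted(transfers):
        if txid == ransom_txid:
            traceable[dst] += amount
            started = True
            continue
        if not started:
            continue
        # Assumption: traceable funds leave an address before clean funds do.
        moved = min(traceable[src], amount)
        if moved <= 0:
            continue
        traceable[src] -= moved
        if dst in labels:
            # Stop here: the exchange holds the funds and the account records.
            findings.append((labels[dst], dst, txid, moved))
        else:
            traceable[dst] += moved
    unlocated = {a: v for a, v in traceable.items() if v > 0}
    return findings, unlocated

if __name__ == "__main__":
    hits, remaining = trace_ransom(TRANSFERS, "tx1", EXCHANGE_LABELS)
    for exchange, address, txid, amount in hits:
        print(f"{exchange}: {amount} BTC arrived at {address} in {txid}")
    print("Not yet at an exchange:", remaining)
```

Each finding pairs an exchange with the deposit address, transaction and amount, which is the evidence the legal stage then relies on; the unlocated balance shows what still needs monitoring.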

The next stage is focused on legal principles, which allow for the freezing of the located assets, or their traceable proceeds, and to discover the identity of the account holder.

Until recently, the UK Courts had not recognised cryptocurrencies as property, which the common law defines as either something capable of being possessed or enforced by an action. Interpreted narrowly, cryptoassets are neither, given that they are virtual, intangible and do not embody a right capable of being enforced. The UK Jurisdictional Task Force’s Statement on Cryptoassets and Smart Contracts sought to widen the definition of property to include cryptoassets, and this approach was then adopted by the UK High Courts. Now cryptocurrencies can be subject to Court orders, and like any other asset, they can be frozen and seized just like a car, house or cash.

Lawyers can now make an emergency request to the Courts that those located funds are frozen and that exchanges provide the details of the individual behind the account. Once given, the victim has a UK Court order preventing any dissipation of these funds, and the exchange is required to reveal the identity of the person who holds the funds. This person may not be the actual perpetrator who demanded the money in the first place, but will likely be connected to that wrongdoing. In any event, the priority is the return of the funds.

From there, lawyers can handle the recovery of funds in the usual way, which is in principle no different from the recovery of any asset from around the world. The UK Courts have sought to assist victims and can do so, provided that there is an appropriate link to the UK.

The third way

Much of the narrative on ransomware payouts is binary, and authorities in the UK, France and the US have sought to mandate a strict ban on insurance coverage for, and payment of, ransoms in general. A recent BBC debate on whether ransoms should be paid failed to consider the recovery route, continuing to perpetuate the idea that no third way is available.

The arguments go that an outright ban on ransomware payments could up the ante, as key utilities are paralysed and the most vulnerable become increasingly targeted, with ransom demands skyrocketing. Conversely, paying ransoms has led to the explosion of organised digital crime, and there are now customer-friendly call centres guiding victims on the best way to pay ransoms via cryptocurrencies.

One victim of this debate is the insurance market and the insurers providing cyber policies. Either they are not allowed to pay ransoms and their customers are vulnerable to operational meltdown, the destruction of customer trust and collapse in general, or they pay and continue to perpetuate the market for ransomware, itself an expensive enterprise and a PR disaster overall.

By utilising tracing and investigatory reports, the Courts can freeze assets, block accounts and disclose the identities of the holders of stolen funds. This completely breaks the cycle of hackers profiting from their wrongdoing.

Insurers are then able to fulfil their contractual obligations to their clients and pay ransoms and then seek to trace and recover those assets, costs of which may be built into their policies.

Expertise is available

The seemingly impossible tasks of de-anonymising the nameless on the blockchain and tracing cryptoassets are anything but. Victims must remember that at some point, cryptocurrencies must be converted into fiat currency or other seizable assets (real estate or artwork, for example), and it is at this moment that the cryptoassets are vulnerable to attack.

Blockchain technology allows us to trace the funds in a way a £10 cash withdrawal cannot, and there is expertise available to recover funds and deprive the criminal enterprises of them altogether.

It is a matter for professionals to spread the word that cryptofunds are not only recoverable but, by the very nature of blockchain technology, the most traceable asset class out there.
