Following the attacks on JBS and Colonial Pipeline, the U.S. Treasury Department is likely to consider stepping up anti-money laundering law enforcement and introducing new reporting requirements for cryptocurrency transactions.
In ransomware attacks, hackers demand payment after banning victims from their computer networks; De-anonymizing payments could prevent these hackers from advancing such ransomware extortion programs. Hackers are currently using digital currencies to circumvent regulations within the traditional financial system. If the Treasury Department applies many of the same anti-money laundering laws to cryptocurrency transactions, it could help identify the cyber criminals (and potentially reduce the number of attacks).
What would help these regulations to take effect? Well, disclosing who is using the digital wallet and where the cryptocurrency ransom is being sent would be a start. Legislators may also want to consider overseeing the exchange of cryptocurrencies for other currencies (such as the US dollar). The problem? The U.S. cryptocurrency regulations wouldn’t get overseas, where cyber criminals often cash out their funds. Of course, US authorities could impose sanctions to prevent exchanges from being conducted in US dollars unless all participants agree to use a crypto reporting system.
Of course, this is not the first time this oversight has been discussed. Late last year, the Treasury Department proposed a rule requiring banks and exchanges to report transactions over $ 10,000 using digital wallets that are NOT hosted by a financial institution. This is similar to the existing rules for withdrawing cash above this amount. This type of reporting requirement would help law enforcement agencies track money flows for cybercrime.
Crypto exchanges are already required to report suspicious transactions from customers. The proposed rule would add reporting for unhosted wallets regardless of whether the transaction is classified as suspicious. Unhosted wallets are similar to anonymous bank accounts.
This proposed rule came after US companies were warned that paying ransom money to hackers could violate US sanctions. This warning encouraged companies to work with law enforcement agencies to protect themselves from liability for mistakenly paying a ransom to an entity on the sanctions list.
A Treasury Department spokeswoman said the proposed rule for reporting crypto transactions “is actively going through the rulemaking process” after receiving thousands of comments in response.
If cyberattacks on large companies like JBS and Colonial Pipeline affect consumer gas prices and the availability of meat in the grocery store, it will likely lead to increased public scrutiny and a call to action over cryptocurrency and other ransomware-related issues.
The underlying problem with these ransomware attacks is of course the lax (or lack of) security measures to protect the data of these companies that have been (and are) attacked. Organizations should focus on security and prevention to prevent these attacks and avoid negotiating and paying ransom at all.
Copyright © 2021 Robinson & Cole LLP. All rights reserved.National Law Review, Volume XI, Number 161