By Austin Max Scherer
On June 7, the Justice Department seized much of the ransom that a major U.S. pipeline operator had paid last month to a Russian hacking collective. This resulted from investigators tracing more than 75 Bitcoins worth as the money moved through a “maze” of at least 23 different electronic accounts belonging to DarkSide, the hacking group. DarkSide operated by providing ransomware to affiliates. Iin exchange, DarkSide reaped a cut of the affiliates’ profits. DarkSide began as an affiliate for another Russian hacking group called REvil, the group that recently used ransomware to try to extort money from JBS, one of the world’s largest meat processors. Law enforcers viewed this seizure as a warning to cybercriminals that the United States would go after the hackers’ profits, which typically derive from cryptocurrencies. In addition, law enforcement now hope this recent action will encourage victims of ransomware attacks to notify the authorities to help recover ransoms. The Federal Bureau of Investigation (FBI) actively discourages ransom payments; however, ransom payments are still legal and they are even tax deductible!
Seizure of Ransom Payments
Law enforcement has found a breakthrough due to the fact that, “bitcoin transactions are available on a publicly distributed ledger, in many cases law enforcement can trace bitcoin payments and track stolen funds.” Furthermore, the FBI was able to obtain the private key for the hackers’ accounts, the key essentially serves as a password which enabled the FBI to move bitcoin out of the wallet. The seizure itself yielded $2.3 million worth of bitcoin. The Special Prosecutions Section and Asset Forfeiture Unit of the U.S. Attorney’s Office for the Northern District of California is handling the seizure, with significant assistance from the Department of Justice Criminal Division’s Money Laundering and Asset Recovery Section and Computer Crime and Intellectual Property Section. The task force stated they would prioritize the disruption, investigation, and prosecution of ransomware and digital extortion. Conversely, the ransomware attacks are generally unsophisticated. “Hackers often use phishing and send employees emails containing suspicious links or attachments.”
This coincided with President Biden’s first foreign trip, as he is expected to discuss the issue with Russian President Vladimir Putin. Senior Biden administration officials deemed ransomware, as a national threat. Secretary of State, Antony Blinken stated the following, “states cannot be in the business of harboring those who are engaged in these kinds of attacks.” FBI Director Christopher Wray further emphasized this complaint by stating, “if the Russian government wants to show that it’s serious about the issue, there’s a lot of room for them to demonstrate some real progress that we’re not seeing.” Antony Blinken and Christopher Wray’s concerns are supported by the fact that, according to Chainalysis, a firm that tracks cryptocurrency payments, victims paid at least $412 million in cyber ransom attacks last year.
Biden Administration Responses
In response to the series of ransomware incidents, the Biden administration, “announced that it would require pipeline companies to report significant cyberattacks that the government would create 24 hour emergency centers to handle serious hackings.” However, even these efforts may not be enough as the FBI emphasized that all government agencies, private sectors, and, “even the average American.” It would be quite the optimistic approach for the government to believe that all players in the cryptocurrency world will partake in dismantling these ransomware attacks, so a wait and see approach is best suited for now.
Several government officials have called for action against the ransomware attackers and the foreign states that harbor these attackers. Senator Mark Warner stated the following, “We must make clear to Russia-and any other adversaries-that they will face consequences for this and any other malicious cyberactivity.” In addition, Microsoft reported, “the goal of the hackers was not to go after the aid agency itself, instead, its motivation appeared to be to use emails purporting to be from the U.S. government to get inside groups that have revealed Russian disinformation campaigns, anti-corruption groups and those who have protested the poisoning, conviction and jailing of Russia’s best-known opposition leader, Alexie A. Navalny.” Furthermore, government officials have taken the position that the U.S. response to SolarWinds, a software supply, should have been harsher. The question then becomes, how does the U.S. implement a harsher response, and with sanctions applied to Russia already substantial, how much of a role can sanction play? One answer is that to be effective, sanctions must be multilateral and well-coordinated. The last four years the U.S. has not coordinated its sanctions. President Biden’s trip to Europe should provide some insight to these inquiries. Another response to ransomware attacks and cybercrimes has been prosecution of the perpetrators.
The current issue of the IELR will have a more comprehensive discussion of the ransomware attacks, the seizure, and implications.
 Rising third year law student, Washington College of Law, American University; M.S., Finance, American Univ; B.A., George Washington Univ.
 Katie Benner and Nicole Perlroth, Seizing Money, U.S. Retaliates For Cybercrime, N.Y. Times, Jun. 8, 2021, at A1.
 Sadie Gurman, David Uberti, and Dustin Volz, Pipeline Ransom Money Seized By U.S., Wall St. J., Jun. 6, 2021, at A1.
 Ellen Nakashima, Authorities recover about $2 million paid in ransom to pipeline hackers, Wash. Post, Jun. 8, 2021, at A18.
 For Immediate Release: Department of Justice Seizes $2.3 Million in Cryptocurrency Paid to the Ransomware Extortionists Darkside, Dept. of Justice, Jun. 7, 2021, https://www.justice.gov/opa/pr/department-justice-seizes-23-million-cryptocurrency-paid-ransomware-extortionists-darkside (last visited Jun. 10, 2021).
 Rachel Lerman, Meat supplier JBS paid $11 million in ransom after hackers targeted plants, Wash. Post, Jun. 10, 2021, at A22.
 Nakashima, supra note 10.
 Benner and Perlroth, supra note 2.
 Nakashima, supra note 10.
 Benner and Perlroth, supra note 2.
 Nicole Perlroth and David E. Sanger, Calls for Action Against Russia for Cyberattack, N.Y. Times, May. 29, 2021, at A1.