High Court grants proprietary injunction over Bitcoin cyber ransom payment to a third party
Instances of ransomware are becoming increasingly common. We regularly deal with these types of cases and are seeing an escalation in both the sophistication of the attacks and the ransom demands being made.
The decision of the English High Court in AA v Persons Unknown & Ors, Re Bitcoin EWHC 3556 (Comm) provides some hope that, in the right case, some of the ransom could be recovered.
The customer of an English insurer (who chose to remain anonymous) suffered a ransomware attack in which their data and systems were encrypted and a Bitcoin ransom payment was demanded. The Insurer, after some negotiation, agreed to pay the ransom in exchange for a decryption tool. The payment was about $950,000. After the ransom was paid, the Insurer investigated whether it could be recovered. While some of the Bitcoin had been transferred into untraceable legal tender, a substantial portion of the Bitcoin could still be traced to a specific Bitcoin address. This address was linked to an exchange platform called Bitfinex operated by two of the Defendants in the case. The other two Defendants were the unknown persons who demanded the ransom and the unknown controllers of the Bitcoin address. The Insurer sought a proprietary injunction over the traced Bitcoin as the first step in recovering the ransom payment.
Fundamentally, the Court decided that crypto assets such as Bitcoin are 'property' capable of being the subject of a proprietary injunction. The Judge also decided that the test for a proprietary injunction was satisfied for the purposes of interim relief, which included addressing the serious fraud issue that was to be tried and the traceability of the fraudulent recipient of the Bitcoin.
Tracing Bitcoin payments can be a complex task. Obtaining an injunction in parallel is likely to be a cost-intensive step, sometimes with further difficulty to come in enforcing any injunction. However, this case does at least demonstrate what can potentially be done. If the sum involved is significant enough to make the process worthwhile, if it can be traced and if it is possible to move quickly, there might be some chance of recovery. It will not be the right move in every case, but where the sums are high enough, it could be worth trying.