Norton Rose Fulbright - Data Protection Report blog

An interim proprietary injunction has been granted by the English High Court over a bitcoin ransom payment paid to a third-party wallet.

The facts

The case was brought by an English insurer (requesting anonymity) against four defendants, consisting of unknown cyber-extortionists (as well as three other parties who respectively hold and/or trade Bitcoins). The claim related to a customer of the Insurer whose data and systems had been encrypted and bitcoin ransom payment demanded.

After some negotiation, the Insurer agreed to pay the ransom (equal to $950,000) in return for the decryption tool. Following the payment of the ransom and the provision of the decryption tool, further investigations were undertaken on behalf of the insurer as to the destination of the ransom – with the ultimate aim of recovering the Bitcoins by way of a restitutionary or equitable remedy.

Whilst some of the Bitcoins were transferred into fiat currency, a substantial proportion of the Bitcoins (96) were transferred to a specific address; this address is linked to the exchange known as Bitfinex, operated by the third and fourth defendants. The insurer sought a proprietary injunction over those Bitcoins, as the initial step in looking to recover them via the courts.

The decision and its application

The judge was satisfied that the test for a proprietary injunction over the Bitcoins against each of the four defendants was satisfied. A fundamental element of the decision was the conclusion that crypto assets, such as Bitcoin, are “property” for the purposes of English law and therefore can be the subject-matter of a proprietary injunction.

While historically it has been very difficult to recover ransom payments, the case highlights the potential for corporations to recover these payments via the courts (or, at the very least, to obtain interim relief in respect of them). The decision should certainly be borne in mind by any corporations who become the subject of a targeted and substantial ransom demand and in circumstances where the ransom is paid and is subsequently traceable.

Given the typical speed in which ransom crypto assets are transferred / dissipated, in order to increase any potential for the recovery of such assets, it would be advisable for those considering making such an application, to act with expediency.