China reached an agreement with Central Asia’s nomadic peoples about 2,000 years ago, during the Han dynasty. They were looking for easy cash and ransacked Silk Road traders. China did this to establish the Silk Road trade route from China to Europe and to gain a large source of wealth through luxury goods trading.

Cyberattackers are now taking advantage of companies’ inept cybersecurity measures, as trade has increasingly moved to the digital realm due to the global COVID-19 pandemic. These hackers are using ransomware in order to lock down the data of these organizations with encryption until they receive a ransom payment. In 2019, 98% ransomware payments were made using Bitcoin (BTC).

Anne Neuberger, United States deputy National Security Advisor for Cyber and Emerging Technology, explained

Ransomware attacks have been increasing in number and severity. […] The U.S. government works with countries around the globe to hold ransomware actors accountable and countries that harbor them responsible, but we can’t fight ransomware by ourselves. The private sector is responsible for a significant and important part of the ransomware threat.

The President Joe Biden’s administration is moving to address cyberattacks, which are expected cost $1 trillion per year and often take form as ransomware, as a national security risk. They pose a high threat to the country and put gasoline, food supplies, and hospitals at danger.

The U.S. Department of Justice recently seized 63.7 BTC, worth approximately $2.3million at the time. This was the proceeds of a ransom paid by Colonial Pipeline to the group called “DarkSide.” This coordinated effort was done with the DoJ’s Ransomware and Digital Extortion Task Force. These agencies collaborate with private-sector partners and domestic and foreign governments to counter this serious criminal threat.

Lisa Monaco, DoJ’s deputy Attorney General, stated that “Following the money remains one the most basic, but powerful tools we possess.”

“Ransom payments fuel the digital extortion engine. The United States will use every tool at its disposal to make these attacks more expensive and less lucrative for criminal enterprises.”

Paul Abbate (deputy director of the Federal Bureau of Investigation) added:

“We will continue using all resources and leverage our international and domestic partnerships to disrupt ransomware attacks, protect our private sector partners, and protect the American public.”

U.S. tax implications for ransom payments in cryptocurrency

It is unclear whether ransomware payments are considered “ordinary and necessary” costs of doing business. They can also be deducted from your taxable income as theft losses under Sections 162 (a) and 165 (a). This code gives the authority to deduct losses not covered by insurance. There are many administrative and judicial definitions of theft. The Internal Revenue Service’s definition seems to include a cyberattack. It allows ransomware payments in cryptocurrency to be deducted from federal tax as a business expense.

Section 162(c) states that ransom payments in cryptocurrency are not tax-deductible if they constitute an illegal bribe or illegal kickback, blackmail payment, or other illegal payment, such as one to a terrorist organization. Taxpayers should be able to distinguish between ransomware cryptocurrency payments and illicit payments by highlighting the theft. There are potential legal issues when ransomware demands in cryptocurrency are made to cybercriminals with known connections to sanctioned or banned foreign governments.

This is , provided by Elliptic founder and chief scientist Tom Robinson. “Elliptic was the first to identify the Bitcoin wallet that DarkSide used to obtain a 75 Bitcoin ransom from Colonial Pipeline. DarkSide, which is thought to be based in Eastern Europe, is an example for ‘Ransomware as a Service (RaaS). This operating model allows ransomware developers to create the malware, while ransomware affiliates are responsible for infecting the target system and negotiating ransom payments with the victim organization. This new business model revolutionized ransomware. It is now available to anyone who has the technical ability to create malware but is willing and able infiltrate target organisations.

Ransomware attackers might offer victims a discount if they transmit the infection to others. According to Flashpoint and Chainalysis, these ransom payments in Bitcoin are then laundered on the dark web markets.

Ransom payments made in cryptocurrency are taxed as property, not currency. Taxpayers are required to keep accurate records of ransom payments in cryptocurrency, report any gains, and report the fair value of any mined cryptocurrency on tax returns.

FinCEN also regulates cryptocurrency transactions under the terms of the a>https://www.investopedia.com/terms/b/bank_secrecy_act.asp#:text=The%20Bank%20Secrecy%20Act%20 (BSA)%20is%20U.S.%20legislation%20towards,transactions%20involving%20sums%20over%20%2410%2C000 “>Bank Secrecy Act” (BSA) states that an administrator or exchanger who (1) accepts and transmits a convertible currency or (2) purchases or sells it for any reason is a money transmitter.

According to the BSA, cryptocurrency transmitters are required to conduct a risk assessment and develop a written program to prevent money laundering. They also need to designate a compliance officer and take other actions.

Other participants profiting from a Bitcoin ransom scheme could face criminal and tax fraud/evasion sanctions. John McAfee was the founder of the antivirus company that bears his name. He had been indicted for tax crimes in the U.S. related to nominee-held cryptocurrency transactions. If convicted, he could spend many years in prison. After the court ruled that he could be extradited, this may have played a role in McAfee’s decision to commit suicide in Spain.

Conclusion

Christopher Wray, FBI Director, advised ransomware victims not to pay ransoms to recover stolen data or regain access to their networks. He stated that “In general we would discourage you from paying the ransom” because it encourages more attacks and that there is no guarantee that you will get your data back.

“We took over 1,100 actions last year against cyber adversaries, including arrests and criminal charges, convictions and dismantlements. We also enabled many more through our dedicated partnerships, with the private sector, foreign partner, and at federal, state and local levels.”