Factors to Consider when Faced with a Ransomware Attack

In this digital age, the data held by an organisation can be one of its most important commodities. Threat actors (also known as malicious actors) recognise this and as such, cyberattacks have been on the rise. In particular, ransomware attacks have increased in frequency – studies have found that more than three-quarters of UK businesses were affected by ransomware in 2021. This is to be expected, not least because an organisation can still experience significant disruption, even where it is not the target of a ransomware incident (for example, it could be that an organisation further up or down the supply chain may have been affected).

So what should a company do when their data is being held captive? Should they submit to the demands of the threat actor and simply pay? Or should they refuse to back down, on moral grounds (amongst other things)?

To read the full text of this post by Duane Morris attorneys Chris Recker and Charlyn Cruz, please visit the Duane Morris London Blog.

Digital Asset Recovery in 2022

2021 was a blockbuster year for cryptocurrency, aided largely by the Covid-19 pandemic, which saw markets and trading vastly increase. As a result of such growth, cryptocurrency asset tracing is no longer a niche legal sphere. It is one increasingly visible within the English Courts. In January 2022, the Master of the Rolls Sir Geoffrey Vos emphasised the need for all commercial and dispute resolution lawyers to understand blockchains, smart legal contracts and cryptoassets.

To read the full text of this post by Duane Morris attorney Chris Recker and Jonathan Bellamy, a commercial barrister at 39 Essex Chambers, please visit the Duane Morris London Blog.

UK Construction: Cybercrime is the Invisible Enemy

Cyber fraud is a real and present danger across almost all industry sectors, and the construction sector is not immune as our recent article demonstrated. According to the FCA there has been a jump of 52% in incident reports and recent global conflict may possibly increase this threat.

One of the primary types of fraud affecting the construction industry is the prevalence of payment diversion fraud. It is estimated that contractors pay out around £100m per year in fake invoices. In some cases, a single instance of payment diversion fraud can amount to millions of pounds. In such cases it is easy to see how the fraud would place intolerable pressure on the cash flow of a business and in extreme instances even lead to insolvency. In an industry already under pressure through factors such as super-inflation and rising energy costs, fraud is yet another unwelcome factor which can be detrimental to cash flow on a project.

To read the full text of this post by Matthew FriedlanderChris Recker and Sam Laycock, please visit the Duane Morris London Blog.

Can Blockchain and NFTs Revolutionize the Fashion Industry?

Following the worldwide disruption in retail due to COVID-19, sales of luxury goods are expected to grow as much as 25% in 2022. Much of this growth has been driven by e-commerce, with online sales totalling 23% of all luxury sales in 2020. Meanwhile, consumer sustainability demands have driven growth in luxury resale or rental markets, now worth an estimated $36 billion, while brands have expanded their reach into the brave new digital territory of the metaverse – the overlapping digital spaces in which we increasingly work, play, and consume.

Yet luxury’s digital embrace has been hampered by a concomitant rise in counterfeit goods in the physical and digital worlds.  Is blockchain the solution?

To read the full text of this article co-authored by Duane Morris attorneys Cindy Yang and Kelly Bonner, please visit the Multilaw website.

NFTs and Fraud – a new frontier?

Non-fungible tokens (NFTs – digital assets which are not traded on exchanges, but instead are tokens which represent the ownership of a digital file (for example, a photo or digital art)) have exploded onto the digital asset ‘scene’ over the last 18 months or so.  They are generally (but not always) built on the Ethereum blockchain.  NFTs are bought and sold using cryptocurrency, but not traded on exchanges. Instead, they are purchased through specialist third party auction sites or sold/transferred privately.

The speed of mass NFT adoption has created significant opportunity (in the wake of the increase in value of NFTs, and also allowing content creators to monetise their services by tokenising art and music) but also exposed potential for the system to be exploited.

To read the full text of this blog post by Duane Morris attorney Chris Recker, please visit the Duane Morris London Blog.

UK: Recent Developments on Fraud and Cryptocurrency

We are now starting to see a variety of cryptocurrency related frauds appearing before the English Court. Following the decision in AA v Persons Unknown [2019] EWHC 3556 (Comm) (where an insurer was granted a proprietary injunction as part of its strategy to recover a ransomware payment which had been negotiated and paid in Bitcoin) the English Court has dealt with several cases relating to cryptocurrency.

To read the full text of this blog post by Duane Morris attorney Chris Recker, please visit the Duane Morris London Blog.

U.S. Federal Lawsuit by Mt. Gox Customers Cannot Proceed as a Class Action

On February 24, 2014, the Mt. Gox bitcoin exchange went offline following a series of hacks through which tens of thousands of bitcoin were stolen. Following Mt. Gox’s collapse, regulators, prosecutors, and civil plaintiffs pursued Mt. Gox and related individuals to seek to hold responsible parties to account. Among those actions was a purported class action filed in the United States District Court for the Northern District of Illinois, on behalf of a purported class of more than 30,000 Mt. Gox customers against, among others, Mt. Gox and Mark Karpeles (Mt. Gox’s principal). See Greene v. Karpeles, Case No. 14 Civ. 1437 (N.D. Ill.) (filed Feb. 27, 2014). The case has a lengthy history, but in its present incarnation it has one defendant—Karpeles—and a sole plaintiff—Greene—who sought to certify a class of Mt. Gox customers. On June 22, 2021, the Honorable Gary Feinerman denied that request. Click here for a copy of Judge Feinerman’s Memorandum Opinion and Order.

By way of background, in early 2012 Mt. Gox posted Terms of Use on its website. Mt. Gox customers were required to accept the Terms of Use as a condition of using the exchange. But that doesn’t mean that every customer read the Terms of Use when they accepted them, or any time thereafter for that matter. Plaintiff Greene contends he did, and that he relied on certain representations in the Terms of Use when he used the exchange. But to determine if every other member of the proposed class similarly read the Terms of Use would require making an individual inquiry of each of those purported class members.

And that gets to the heart of this decision. Class certification in federal court is governed by Rule 23(a) of the Federal Rules of Civil Procedure. Before a class may be certified, it must satisfy the four requirements of Rule 23(a): “(1) the class is so numerous that joinder of all members is impracticable; (2) there are questions of law or fact common to the class; (3) the claims or defenses of the representative parties are typical of the claims or defenses of the class; and (4) the representative parties will fairly and adequately protect the interests of the class.” In addition, the proposed class must satisfy one of the categories in Rule 23(b); as applicable here, it must be “a case in which the common questions predominate and class treatment is superior.” Where the questions of law or fact common to class members do not predominate over any questions affecting only individual members, then the proposed class does not satisfy the predominance requirement.

In the Mt. Gox case, the underlying claim is one for common law fraud. “Greene’s theory of fraud is that the Mt. Gox Terms of Use falsely represented that Mt. Gox held all assets on its users’ behalf and that trades involved actual assets, that Karpales knew those representations were false and intended to deceive Mt. Gox users, and that the users kept assets on Mt. Gox in reliance on Karpeles’s misrepresentations.” (emphasis added). But in order to have relied on Karpeles’s misrepresentations, each member of the class must have read the Terms of Use, or at least have been aware of the relevant provisions of the Terms of Use, and that the relevant Terms influenced their actions. Absent a presumption of reliance applicable to the class—and no such presumption existed in this case—reliance is individualized, that is, the court would have to make a determination of reliance with respect to each member of the class individually. “Holding over thirty thousand mini-trials to determine how each class member understood and whether each class member relied upon a contract they accepted nearly a decade ago would present insurmountable difficulties.” Judge Feinerman concluded, as a result, that common issues do not predominate and, therefore, class certification was not appropriate.

Decisions granting or denying class certification often are fact specific and do not garner much attention beyond the case in which the decision is made. But the Mt. Gox case is worthy of note for at least two reasons. First, the decision is among a very small group of cases examining class certification in the crypto context. It is worthwhile to watch the development of the law in this nascent area. Second, and more practically, when a court grants certification in a class action, it is an important victory for the class because it often forces the defendants to come to the bargaining table and settle soon thereafter. Conversely, when defendants defeat class certification—which, absent a change on appeal or an amended pleading, means the case can move forward with only the named plaintiff—it is an important victory for the defendants because it drastically reduces the liability landscape the defendants face and often brings a fairly quick close to the litigation.

SEC, Targeting Promoters, Enters the BitConnect Fray

The SEC last week sued several alleged promoters connected with BitConnect, accusing the individuals of participating in or aiding and abetting the offering of unregistered securities in violation of Section 5 of the Securities Act of 1933 and Section 15(a) of the Securities Exchange Act of 1934, and doing so without being registered as broker-dealers, as required by the federal securities laws. See SEC v. Brown, et al., No. 21 Civ. 4791 (JGK) (S.D.N.Y. May 28, 2021). According to the SEC, between January 2017 and January 2018, BitConnect, directly and through the named defendant promoters, solicited investors to participate in its “lending program,” whereby investors invested bitcoin with BitConnect in exchange for interest payments derived from value generated by a trading bot focused on profiting from the volatility of Bitcoin. According to the complaint, BitConnect guaranteed a “high rate of return” (as high as 40% per month) with “no risk” from the “safe” investment. The SEC contends the promoters—including U.S.-based Trevon Brown (a.k.a. Trevon James), Craig Grant, Ryan Maasen, and Michael Noble (a.k.a. Michael Crypto)—used social media and other communications to plug the lending program in return for referral commissions—a percentage of each investment resulting from their individual efforts and the efforts of their referral network. The SEC alleges that successful promoters also received so-called “development funds” that they could use for themselves or pass on to investors in their network. According to the complaint, the promoter defendants named in the lawsuit earned referral commissions and development funds ranging from more than $475,000 to $1.3 million. Another defendant, who allegedly served as the liaison between Bitconnect and the promoters, earned more than $2.6 million. The SEC seeks injunctive relief, disgorgement plus interest, and civil penalties. According to the SEC, its investigation is ongoing.

BitConnect’s legal troubles began in early 2018 when various state regulators, including Massachusetts and Texas) opened investigations and proceedings on BitConnect. At the same time, numerous investors filed lawsuits in federal court in Florida against BitConnect and some of the same promoters sued by the SEC last week. Those civil cases, which were consolidated, fell victim to multiple successful motion to dismiss and currently are on appeal to the Court of Appeals for the Eleventh Circuit.

What can we infer from the timing of the SEC’s lawsuit? Perhaps not much. BitConnect has been condemned variously as a Ponzi scheme, a scam, a fraud, and evidence of the “common knowledge” that the Bitcoin market is being manipulated. BitConnect, then, would seem a likely candidate for the SEC’s attention. It may seem curious that the SEC’s complaint comes more than three years after state regulators and private litigants focused their efforts on BitConnect. That could simply be a function of the time required to conduct the investigation. In its press release contemporaneous with the filing of the lawsuit, the SEC thanked “the Cayman Islands Monetary Authority, the Hong Kong Securities and Futures Commission, the Monetary Authority of Singapore, the Ontario Securities Commission, the Romanian Financial Supervisory Authority, and the Thailand Securities and Exchange Commission.” That is a lot of helping hands. Or perhaps the SEC has other developments on its mind. There are several applications for Bitcoin exchange-traded funds (ETFs) currently pending before the SEC, and the SEC has previously denied similar applications, inter alia, because of concerns about manipulation in the market for Bitcoin. So perhaps the timing is not so curious. Then again, the conduct at issue in the SEC’s lawsuit occurred in 2017-2018, making any connection to the state of the current market for Bitcoin more tenuous. At the very least, one must keep in mind the SEC’s mission to protect investors and maintain fair, orderly, and efficient markets; the SEC’s case against BitConnect reaffirms that one cannot assume that conduct well in the past has flown below or escaped the SEC’s pursuit of its mission.

© 2009- Duane Morris LLP. Duane Morris is a registered service mark of Duane Morris LLP.

The opinions expressed on this blog are those of the author and are not to be construed as legal advice.

Proudly powered by WordPress