The U.S. Department of Justice last week announced the launch of a so-called National Cryptocurrency Enforcement Team (NCET), whose purpose is to handle investigations and prosecutions of criminal misuses of cryptocurrency – in particular, crimes committed by virtual currency exchanges and money launderers. That move came on the back of Washington having suffered several memorable ransomware attacks earlier this year. In September, there was a report, by the Wall Street Journal, of the Biden administration “preparing an array of actions, including sanctions, to make it harder for hackers to use digital currency.”

“…to tackle complex investigations and prosecutions of criminal misuses of cryptocurrency, particularly crimes committed by virtual currency exchanges, mixing and tumbling services, and money laundering infrastructure actors.”

Fresh comments out of my relaxed keystrokes (I try to be as impartial as I can):

1. There is no question that bad actors evading taxes must be prosecuted and punished, whether they do it by more traditional means such as drug and currency smuggling or by using cryptos.
2. Digital money laundering IS an issue (take, for instance, widely known non-banking international payment systems), and crypto payment is just an equal-among-equals part of the problem.
3. Doesn’t artificially circumscribing and singling out cryptocurrencies in connection with various misuses of money limit efficiency and success in fighting this kind of crime?

Deputy Attorney General Monaco said: “… we are launching the National Cryptocurrency Enforcement Team to draw on the Department’s cyber and money laundering expertise to strengthen our capacity to dismantle the financial entities that enable criminal actors to flourish — and quite frankly to profit — from abusing cryptocurrency platforms. As the technology advances, so too must the Department evolve with it so that we are poised to root out abuse on these platforms and ensure user confidence in these systems.”

Assistant Attorney General Polite said: “The Criminal Division is already an established leader in investigating and prosecuting the criminal misuse of cryptocurrency. The creation of this team will build on this leadership by combining and coordinating expertise across the Division in this continuously evolving field to investigate and prosecute the fraudulent misuse, illegal laundering, and other criminal activities involving cryptocurrencies.”

“…the NCET will draw and build upon the established expertise across the Criminal Division to deter, disrupt, investigate, and prosecute criminal misuse of cryptocurrency, as well as to recover the illicit proceeds of those crimes whenever possible. Because cryptocurrency is used in a wide variety of criminal activity, from being the primary demand mechanism for ransomware payments”

Here we go. Ransomware is a form of malicious software that infiltrates a computer or network and limits or restricts access to critical data by encrypting files until a ransom is paid. Indeed, crypto has compromised itself by being the most convenient and privacy-ensuring way of accepting ransom payments, a fact that is hard to deny. In light of this, question one: would legal enforcement around cryptocurrencies impair the bad actors’ ability to conceal their identities and, hence, diminish the incidence of ransomware attacks? The answer is definitely yes. But the question of whether that would put an end to ransomware attacks gets the opposite answer, “no”, which means that if the problem is limited to dealing exclusively with crypto, then ransomware crimes will flourish.

In recent years, new ransomware strains have been discovered, including:

  • Netwalker: Created by the cybercrime group known as Circus Spider in 2019, this ransomware allowed hackers to rent access to the malware code in exchange for a percentage of the funds received.
  • DarkSide: DarkSide is also a known group that has sought to steal and encrypt sensitive data, including backups, through RaaS (ransomware-as-a-service).
  • Conti: Conti ransomware has been using a “double-extortion” technique to encrypt data on an infected machine. This group of hackers usually sends a phishing email originating from an address that the victim trusts.
  • REvil: Also known as Sodin and Sodinokibi, REvil is a ransomware group that has gained a reputation for extorting especially large ransom payments, as well as promoting underground cybercrime forums.

According to Purplesec, the average ransom payment amount increased by 104% in Q4 2019 ($84,116; $780,000 for a large enterprise), whereas average downtime increased by 200% year over year, incurring costs “23X greater than the average ransom requested in 2019.”

Among others, FedEx lost an estimated $300 million in Q1 2017 from the NotPetya ransomware attack. The average cost of a ransomware attack on businesses was $133,000.

The average cost of ransom per incident is on the rise:

  • 2018 – $4,300
  • 2019 – $5,900
  • 2020 – $8,100

The average cost of ransomware-caused downtime per incident:

  • 2018 – $46,800
  • 2019 – $141,000
  • 2020 – $283,000


Because right now very few criminal investigators genuinely understand all the intricacies of blockchain and crypto development, at the initial stage they will be obliged to rely heavily on external expertise. However, ultimately they want to “…train and advise federal prosecutors and law enforcement agencies in developing investigative and prosecutorial strategies. Such training and advice will include providing guidance concerning search and seizure warrants, restraining orders, criminal and civil forfeiture allegations, indictments, and other pleadings”. In other words, they hope to train themselves so deeply and thoroughly that shortly afterwards they will be capable not only of investigating and prosecuting, but also of training (“to train”) all the newcomers. Many would love to see how the HR efforts are going there.

The bottom line: the initiative, though apparent and hard to avoid, is a mixed bag until the issue is handled by true professionals (those who can be counted on the fingers of several hands), rather than by those who will try to train themselves and then train others – people who will be dressed to impress, with limited practical use.