Late last year, the SEC filed a litigated action in the U.S. District Court for the Southern District of New York against Ripple Labs Inc. and two of its executive officers (collectively, “Ripple”), alleging that Ripple raised over $1.3 billion in unregistered offerings of the digital asset known as XRP. Ripple opted not to file a motion to dismiss the complaint, and based on recent filings it appears that the parties do not believe a pre-trial settlement is likely.

Ransomware is a Serious and Growing Problem

In recent years, Ransomware has evolved from merely encrypting files/disabling networks in solicitation of ransom, to sophisticated attacks that often involve actual data access, theft and sometimes, the threat of publication. These sophisticated malware attacks frequently destroy backups and provide criminals even more leverage over their victims, coercing them to pay ransoms.  Ransomware does not just target businesses – it is often used to attack hospitals, research institutions, and other public services that are especially critical during this global pandemic.

It is increasingly common for Ransomware attacks to be associated with large sophisticated cyber-criminal organizations, with a central entity providing the tools, training, and ability to collect ransoms and sending its “associates” out to cause harm. As long as victims continue to pay ransoms, Ransomware is able to expand. Ransomware is also being adapted for new, criminal purposes.  Increasingly, hackers associated with countries like Iran and North Korea are using Ransomware to generate an influx of cash into their economic streams and bypass economic sanctions. Faced with an urgent need to stop the spread of Ransomware, law enforcement is now moving past its old strategy of strongly discouraging victims from paying ransoms. Regulatory agencies – such as OFAC and the SEC – are implementing regulations to prevent victims from paying ransom to buy their way out of a Ransomware attack.  These regulations arm law enforcement with a new enforcement mechanism – allowing them to punish companies who choose to pay ransom in the face of a Ransomware attack. Accordingly, they signal a new area of regulatory enforcement that will likely become the government’s most powerful tool to curb the spread of Ransomware.

The Securities and Exchange Commission (SEC) recently approved amendments to the definition of an accredited investor found in Rule 501(a) of the Securities Act of 1933 that will facilitate the ability of funds and other issuers to raise capital through private placements. Several commenters on the SEC’s proposed rule cautioned

Fund managers take note – after over a year of warning, this month the SEC announced a pair of settlement orders with respect to registration requirements for a fund and broker dealer operating in the crypto and digital assets space. It was the agency’s first ever enforcement actions applying the investment company and broker-dealer registration provisions of the securities laws to businesses involved in digital securities. As we’ve written on Proskauer’s Blockchain and the Law blog, we expect to see the SEC continue to expand its oversight of digital assets as securities.