European Commission to Toughen Penalties for Cryptocurrency Cybercrime

This week, the Executive Body of the European Union, European Commission, has announced its intention to introduce a new directive on cybercrime as a reaction against the recent ransomware attacks in which the hackers required cryptocurrency payments in exchange for unlocking computers. Part of this plan will be linked to the creation of a pan-European cybersecurity agency, which is to combat the illicit trading of cryptocurrencies.

In his annual State of the Union Address on September 13, President Jean-Claude Juncker declared: "In the past three years, we have made progress in keeping Europeans safe online. But Europe is still not well equipped when it comes to cyber-attacks. This is why, today, the Commission is proposing new tools, including a European Cybersecurity Agency, to help defend us against such attacks." The EU Commission’s document includes a proposal to strengthen the punishment for those involved in cybercrimes, including attacks and extortion.

"The proposed directive will strengthen the ability of law enforcement authorities to tackle this form of crime by expanding the scope of the offences related to information systems to all payment transactions, including transactions through virtual currencies."

Potential changes in the EU rules regarding cryptocurrencies may go beyond the scope of ransomware attacks, as evidenced by similar documents with free access. A separate report describing "non-cash payment fraud" in the European Union indicates that the current legislation is not equipped with tools for prosecution for crimes related to technology.

"The current rules on criminalization of non-cash payment fraud are set out in the Council Framework Decision 2001/413/JHA dating back to 2001, it has become clear that those rules no longer reflect today’s realities and do not sufficiently address new challenges and technological developments such as virtual currencies and mobile payments."

According to the European Commission, last year there were recorded over 4,000 ransomware attacks each day on the European territory, and 80% of European companies experienced at least one cybersecurity incident. The economic damage due to cyber-crime has shown an exponential growth over the past four years.

The new cybersecurity agency is to be created based on the current European Agency for Network and Information Security (ENISA).