This article was written by Dr. iur. Dr. rer. pol. Fabian Teichmann in collaboration with Léonard Gerber and published in the professional journal "Jusletter" in 2021. The article deals with the phenomenon of cyberattacks, in particular ransomware, and their evaluation under criminal law. In a cyberattack, criminals gain access to a computer system, which is subsequently blocked by malicious software (malware). Once the computer system is blocked, the owner cannot use the computer in any meaningful way. Subsequently, the criminals contact the victim of the cyberattack and demand a ransom payment to unblock the computer. The victims of cyberattacks often fear the loss of all the data on the computer and are therefore willing to pay the ransom. An example of a widespread attack is WannaCry, which affected 200,000 computers in 150 different countries. WannaCry is a virus that acts as a Trojan horse. The cybercriminals gain access to the computer by the owner opening an email and clicking on the link sent. These actions fulfill several criminal offenses under the Swiss Criminal Code. According to Art. 143bis Swiss Criminal Code, the perpetrator is punished by a prison sentence of up to three years or a fine upon request if he unauthorizedly penetrates a foreign data processing system that is specially secured against his access via data transmission equipment. The cyberattack also frequently fulfills the criminal offense of data damage under Art. 144bis Swiss Criminal Code, as the cyber criminals destroy data in order to force the victim to pay the ransom. The assertion of an unjustified monetary claim by the cyber criminals corresponds to the criminal offense of extortion. If the criminals use cryptocurrencies to hide the paid ransom from seizure, they are also guilty of money laundering.
About the author: Fabian Teichmann is a lawyer and public notary. In addition, he is active with his consulting firm in England, Liechtenstein and the United Arab Emirates.
For more on this topic, see Teichmann, F. & Gerber L. (2021). Les attaques classiques par ransomware. Jusletter. https://doi.org/10.38023/93a91d77-1074-4515-b969-9143c9b99388.