Cryptocurrency Exchange Linked to Ransomware Groups Sanctioned
The move, the Treasury's first sanctions designation against a virtual currency exchange, is part of the US government’s attempt to cut off revenue to ransomware gangs.
The Biden administration continues to combat ransomware. It's latest effort is an aggressive attempt to cut off one of the ways the groups make money.
The United States Treasury Department announced on Tuesday that its imposed sanctions against Suex, a cryptocurrency exchange that's been publicly connected to moving hundreds of millions of dollars in cryptocurrency between mostly illegal entities - think ransomware actors, darknet market operators, and so on – since 2018.
While it wasn't clear who would be impacted by it, the move was expected this week; over the weekend, the Wall Street Journal reported the US was planning to sanction cryptocurrency exchanges, wallets, and traders involved in helping fund ransomware gangs, attacks traced back to Russia.
Suex, for the uninformed, isn't listed on any of the major exchanges; it's an over-the-counter (OTC) broker that allows parties to trade via dealer-broker transactions.
The exchange helps facilitate cyber threat actors, like ransomware groups, by funneling funds. Researchers with Chainalysis, a blockchain data platform, claim Suex's deposit addresses have received over $160 million from attackers since 2018 and another $50 million from the illegal, since-shuttered cryptocurrency exchange BTC-e. Essentially, it's a high-level money laundering operation. The group, which is technically based in the Czech Republic, mainly operates out of Russia, where it converts cryptocurrency into cash, and even real estate, cars, and yachts.
In its crackdown, the the Treasury Department's Office of Foreign Assets Control (OFAC) says Suex was responsible for facilitating transactions for at least eight different ransomware variants and that more than 40% of its transactions have been with threat actors.
While the SEC didn't specify which groups Suex serviced, in a report also issued today, Chainalyis claims the company received more than $12 million from the groups Ryuk, Conti, and Maze. It linked an extra $24 million to cryptocurrency scam operators and over $20 million to darknet markets.
As part of its actions Tuesday, the OFAC also took the time to update its guidance around ransomware. In addition to not paying, the OFAC is encouraging organizations to report attacks to the correct US government agencies and work with them towards a resolution. To mitigate attacks in the first place, organizations should implement a risk-based compliance program - OFAC has one - FinCEN, the Financial Crimes Enforcement Network, also has regulations that may apply to your business as well.
OFAC also strongly discouraged private companies and citizens from paying ransom demands, stressing that the payments could help further the efforts of criminals. Companies that help facilitate ransomware payments, like Suex, could violate OFAC's regulations, something that could lead to civil penalties for sanctions violations.
The Treasury Department acknowledged that ransomware payments have surged to a near epidemic level over the last year, reaching over $400 million in 2020, more than four times their level in 2019.
The hope is the move curbs ransomware activity by disrupting a major part of its ecosystem and for many, the main way they make a profit.
“Ransomware and cyber-attacks are victimizing businesses large and small across America and are a direct threat to our economy. We will continue to crack down on malicious actors,” said Treasury Secretary Janet L. Yellen. “As cyber criminals use increasingly sophisticated methods and technology, we are committed to using the full range of measures, to include sanctions and regulatory tools, to disrupt, deter, and prevent ransomware attacks.”
Under the sanctions, individuals in the US are prohibited from doing business with the company, any property it may own in the US is blocked, and as mentioned previously, anyone that does business with the company may find themselves opened up to sanctions.
While it remains to be seen how much of a success the Treasury's actions will be, it's hard to deny it's a good step towards combatting ransomware, whose groups which have become relentless, especially over the last year or two.