US Sanctions Cryptocurrency Exchange Used By Ransomware Gangs

The US Treasury Department announced the first-ever sanctions against a cryptocurrency exchange, the Russian-linked Suex, for facilitating ransom transactions for ransomware gangs and helping them evade sanctions.

Suex is registered in the Czech Republic but has no physical presence there. Instead, it operates out of Moscow and St. Petersburg branch offices and other Russian and Middle Eastern locations, according to Chainalysis.

“SUEX has facilitated transactions involving illicit proceeds from at least eight ransomware variants. Analysis of known SUEX transactions shows that over 40% of SUEX’s known transaction history is associated with illicit actors,” the Treasury Department said today.

Also Read: Data Protection Officer Singapore | 10 FAQs

“SUEX is being designated pursuant to Executive Order 13694, as amended, for providing material support to the threat posed by criminal ransomware actors.

“This action is the first sanctions designation against a virtual currency exchange and was executed with assistance from the Federal Bureau of Investigation.”

This move is designed to disrupt the main channel used by ransomware operations to collect ransom payments from their victims, which, as the Treasury added, amounted to over $400 million last year, more than four times when compared to 2019.

By sanctioning crypto exchanges providing ransomware groups with material support, the US hopes to drain their funding and disrupt their operations.

The Treasury’s Office of Foreign Assets Control (OFAC) also issued an advisory today highlighting the “sanctions risks associated with ransomware payments in connection with malicious cyber-enabled activities.”

As Chainalysis also revealed today, since being launched in February 2018, Suex has received more than $481 million in Bitcoin alone, including funds received from cybercriminals:

• Nearly $13 million from ransomware operators including Ryuk, Conti, Maze, and several others
• Over $24 million from cryptocurrency scam operators including the fraudsters behind Finiko, a scam that took in over $1 billion worth of cryptocurrency from victims primarily in Russia and Ukraine
• Over $20 million from darknet markets, primarily the Russia-based Hydra Market

Part of a larger effort to disrupt ransomware operations

The Biden administration was expected to issue sanctions this week against cryptocurrrency exchanges, wallets, and traders used by ransomware groups, as Wall Street Journal reported on Friday.

These are not the first sanctions the US government has levied against entities or threat actors associated with ransomware gangs.

Also Read: Practitioner Certificate In Personal Data Protection: Everything You Need To Know

In 2019, the US charged members of the Evil Corp for stealing more than $100 million and them to the Office of Foreign Assets Control (OFAC) sanctions list.

Over the years, Evil Corp was linked to multiple ransomware families, including WastedLocker, Hades, Phoenix CryptoLocker, and PayLoadBin.

In October, the Treasury also warned that ransomware negotiators might also face civil penalties for facilitating ransom payments to ransomware gangs on its sanctions list.

“Ransomware and cyber-attacks are victimizing businesses large and small across America and are a direct threat to our economy. We will continue to crack down on malicious actors,” Treasury Secretary Janet L. Yellen added today.

“As cyber criminals use increasingly sophisticated methods and technology, we are committed to using the full range of measures, to include sanctions and regulatory tools, to disrupt, deter, and prevent ransomware attacks.”