US Treasury sanctions cryptocurrency exchange in response to ransomware attacks

The US Treasury Department said on Tuesday that it will sanction a cryptocurrency exchange for its alleged role in facilitating illicit payments from ransomware attacks as part of the “government’s broader counter-ransomware strategy”.

It is the first such action taken against a cryptocurrency exchange, and it comes after a series of cyberattacks damaged many sectors and even US government institutions. 

According to the Treasury, ransomware payments totaled more than $400 million in 2020 alone, more than four times their level in 2019.

Suex OTC, S.R.O. was accused by the Treasury Department of enabling transactions containing illegal funds for at least eight ransomware variants, marking the department's first action against a virtual currency exchange over ransomware activities.

Ransomware is a sort of cyberattack in which hackers disable access to critical applications and only unlock when they get a huge amount of money, generally in the form of cryptocurrencies to unlock them.

“Ransomware and cyber-attacks are victimizing businesses large and small across America and are a direct threat to our economy.” We will continue to crack down on malicious actors,” said Treasury Secretary Janet L. Yellen, in a statement. 

“As cybercriminals use increasingly sophisticated methods and technology, we are committed to using the full range of measures, to include sanctions and regulatory tools, to disrupt, deter, and prevent ransomware attacks.”

While the Treasury stressed that the vast majority of virtual currency activity is legitimate, the technology that enables those transfers may be abused by unscrupulous actors. Because cryptocurrency transactions are decentralized, they can be more difficult to track than regular bank transactions. 

According to the agency, in Suex's instance, it aided in the facilitation of unlawful conduct "for their own illicit benefits."

“SUEX has facilitated transactions involving illicit proceeds from at least eight ransomware variants. Analysis of known SUEX transactions shows that over 40% of SUEX’s known transaction history is associated with illicit actors,” the department said.

As a consequence of today's designation, U.S. citizens are usually prohibited from transacting with sanctioned entities, and financial institutions that participate in specific activities with them may face sanctions or enforcement proceedings.

Additionally, any organizations owned 50% or more by one or more identified individuals are barred. Today's action against SUEX has no sanctions link to any specific Ransomware-as-a-Service (RaaS) or variation. 

Furthermore, the Office of Foreign Assets Control “strongly encourages victims and related companies to report these incidents to and fully cooperate with law enforcement as soon as possible to avail themselves of OFAC’s significant mitigation. 

In large-scale hacks this year, ransomware attackers have targeted several prominent firms. One such attack on iConstituent, which provides email services for offices within Congress allowing users to connect with constituents. Hackers reportedly attacked the Colonial Pipeline company, meat processing company JBS, software firm Kaseya, and Toshiba Tech Corp. 

These attacks have gotten so serious that US President Joe Biden said that he has presented a list of 16 critical sectors of the American economy to Putin and if these sectors are attacked it would provoke a response.

Picture Credits: GlobalSign