The government agency hinted at possible additional sanctions for "financial institutions, cyber insurance firms, and companies involved in digital forensics and incident response" that facilitated ransomware payments.
The United States Department of the Treasury has announced it will impose sanctions on Suex OTC, a business based in the Czech Republic and Russia, for allegedly allowing hackers to access cryptocurrency sent as payment for ransomware attacks.
In a Sept. 21 advisory update, the Treasury Department's Office of Foreign Assets Control, or OFAC, added Suex OTC to its list of Specially Designated Nationals, for which “assets are blocked and U.S. persons are generally prohibited from dealing with them.” The government agency listed Suex OTC’s offices in Moscow and Prague, as well as its website and 25 crypto addresses for Ether (ETH), Bitcoin (XBT), and Tether (USDT).
“Companies that facilitate ransomware payments to cyber actors on behalf of victims, including financial institutions, cyber insurance firms, and companies involved in digital forensics and incident response, not only encourage future ransomware payment demands but also may risk violating OFAC regulations,” said the federal agency. “The U.S. government strongly discourages all private companies and citizens from paying ransom or extortion demands and recommends focusing on strengthening defensive and resilience measures to prevent and protect against ransomware attacks.”
According to a Reuters report, Treasury Deputy Secretary Wally Adeyemo said that "exchanges like Suex are critical to attackers' ability to extract profits from ransomware attackers," seemingly targeting cryptocurrency. He added that the sanctions were an attempt to "disrupt the illicit infrastructure using these attacks."
Blockchain analytics firm Chainalysis said it had been investigating Suex's money laundering activity, claiming many of its funds were from "illicit and high-risk sources." The firm's investigation found that "tens of millions" worth of crypto payments came from addresses associated with different cybercrimes.
"In Bitcoin alone, Suex’s deposit addresses hosted at large exchanges have received over $160 million from ransomware actors, scammers, and darknet market operators," said Chainalysis. "$13 million from ransomware operators [...] $24 million from cryptocurrency scam operators [...] $20 million from darknet markets [...] $50 million worth of cryptocurrency from addresses associated with BTC-e."
Ransomware attacks have seemingly been on President Joe Biden’s agenda since a group of hackers breached the network behind the Colonial Pipeline in the United States in May, reportedly forcing the firm to pay more than $4 million in ransom. U.S.-based food packing firm JBS was hit with a similar attack, which reportedly cost the company $11 million.
Many U.S. officials have targeted cryptocurrencies as the medium of exchange in these ransom payments. Biden’s national security adviser, Jake Sullivan, said in June that crypto “lies at the core of how these ransom transactions are played out,” citing cyberattacks as a “national security priority” for the U.S. government, particularly for “critical infrastructure.”