The U.S. Department of the Treasury took action this week seeking to disrupt criminal networks and virtual currency exchanges responsible for ransomware attacks.
The Treasury’s actions are part of the United States government’s broader counter-ransomware strategy, which emphasizes the need for a collaborative approach to counter ransomware attacks, including partnerships between the public and private sector and relationships with international partners.
“Ransomware and cyber-attacks are victimizing businesses large and small across America and are a direct threat to our economy. We will continue to crack down on malicious actors,” Treasury Secretary Janet Yellen said. “As cyber criminals use increasingly sophisticated methods and technology, we are committed to using the full range of measures, to include sanctions and regulatory tools, to disrupt, deter, and prevent ransomware attacks.”
Ransomware attacks have been on the rise, victimizing governments, individuals, and private companies around the world. In 2020, there were more than $400 million in ransomware payments, four times the amount in 2019.
Among the actions taken by the Treasury, the Treasury’s Office of Foreign Assets Control (OFAC) designated SUEX OTC, S.R.O. (SUEX), a virtual currency exchange, for its part in facilitating financial transactions for ransomware actors, and imposed sanctions on the organization. SUEX has facilitated transactions involving illicit proceeds from at least eight ransomware variants. The Treasury said that about 40 percent of SUEX transactions are associated with illicit actors.
Virtual currency exchanges such as SUEX are critical to the profitability of ransomware attacks, which help fund additional cybercriminal activity. The Treasury said it will hold accountable those entities to reduce the incentive for cybercriminals to continue to conduct these attacks. Some virtual currency exchanges are exploited by malicious actors, while others, as appears to be the case with SUEX, facilitate illicit activities for their own illicit gains.
This action is the first sanctions designation against a virtual currency exchange. It was executed with assistance from the Federal Bureau of Investigation.
The sanctions state that all property and interests in property of the designated target that are subject to U.S. jurisdiction are blocked, and U.S. persons are generally prohibited from engaging in transactions with them. Additionally, any entities 50 percent or more owned by one or more designated persons are also blocked.
Further, OFAC released an Updated Advisory on Potential Sanctions Risks for Facilitating Ransomware Payments. The Advisory states that the U.S. government strongly discourages the payment of cyber ransom or extortion demands. In addition, it stresses the importance of cyber hygiene in preventing or mitigating such attacks. OFAC strongly encourages victims to report these incidents to and fully cooperate with law enforcement as soon as possible. This will avail themselves of OFAC’s significant mitigation related to OFAC enforcement matters.