Biden administration sanctions virtual currency exchange following spike in ransomware attacks
The White House imposed sanctions on SUEX on Tuesday, a virtual currency exchange that allows users to trade cryptocurrencies or other digital currencies, for its role in facilitating financial transactions for ransomware players. Led by the Treasury Department’s Office of Foreign Assets Controls (OFAC), the new trade and financial sanctions against SUEX aim to punish the platform “for its part in facilitating financial transactions for ransomware players, involving illicit products of at least eight ransomware variants, “according to Deputy Treasury Secretary Wally Adeyemo.
Tuesday’s announcement marks the first time that OFAC has punished a virtual exchange for complicity in criminal ransomware activity. An analysis of known SUEX activity showed that more than 40% of transactions were associated with illicit actors, according to the Treasury Department.
“We recognize that the vast majority of activities that take place in virtual currencies are legitimate activities,” Adeyemo told reporters at a briefing. “But we also know that these criminals are using some of these exchanges and mixers, and peer to peer services to carry out illicit activities that are not in our national interest.”
In 2020, ransomware payments reached over $ 400 million. The FBI indicated an almost 21% increase in reported ransomware cases and a 225% increase in associated losses from 2019 to 2020.
The actions represent a significant step in the Biden administration’s efforts to starve parts of the crypto ecosystem that have knowingly fostered ransomware trading in recent months and years.
“The Treasury will prioritize identifying nested exchanges dealing with high percentages of illicit activity,” Adeyemo said.
The targeted sanctions are far from crippling the entire cryptocurrency infrastructure, but serve as a warning to other platforms on which ransomware transactions are suspected to be taking place, prompting them to bolster crypto programs. compliance or to avoid illicit transactions altogether.
After a ransomware variant known as Cryptolocker was used to infect more than 234,000 computers – about half of them in the United States – OFAC sanctioned Cryptolocker developer Evgeniy Mikhailovich Bogachev in December 2016 .
When the SamSam ransomware was used to target U.S. government institutions and businesses, including the city of Atlanta and the Colorado Department of Transportation, OFAC appointed two Iranians to provide material support for malicious cyber activity in 2018 The Treasury Department also identified two virtual currency addresses. used to channel the SamSam ransomware product.
And when the ransomware known as “WannaCry 2.0” notoriously infected an estimated 300,000 computers in at least 150 countries in May 2017, OFAC designated the Lazarus Group, the North Korean-sponsored cybercrime organization, to the origin of the attack.
More recently, the Biden administration has been rushing to respond to a slew of high-profile ransomware attacks this spring, including several seven- and eight-figure ransoms dating back to Russia. Cyber attacks on critical infrastructure have resulted in the shutdown of a major US pipeline, a large meat-packing company, and many hospitals, schools, municipalities and small businesses.
As a result of Tuesday’s designation, “all property and interest in the property of [SUEX] that are subject to the jurisdiction of the United States are blocked, and persons in the United States are generally prohibited from transacting with them. In addition, all entities 50% or more owned by one or more designated persons are also blocked, ”according to guidelines published by OFAC.
The Treasury Department will also update its 2020 ransomware sanction guidelines for public and private entities to strongly discourage the payment of ransoms and to “recognize the importance of cyber hygiene in preventing or mitigating such attacks. By encouraging information sharing with law enforcement among ransomware victims.
“We expressly state that the US government strongly discourages the payment of cyber ransoms or extortion demands,” Adeyemo said. “If a business determines that it is in its best interest to pay these claims, the OPAC guidelines make it clear that the best way to protect that business from the risk of paying a sanctioned entity is to report that it has been attacked the police and [the Department of Treasury.]”
Other agencies have already shouted these warnings. “Paying ransom may encourage adversaries to target other organizations, encourage other criminal actors to engage in ransomware distribution and / or fund illicit activity,” CISA wrote in a notice published last month. .
Deputy National Security Advisor Anne Neuberger told reporters that the Biden administration will hold a meeting with international partners next month to discuss anti-ransomware efforts and political solutions.
In July, President Biden warned Russian President Vladimir Putin that he would take “all necessary measures” to defend the United States against ransomware attacks on Russian soil.
“There is no indication that the Russian government has taken any action to crack down on ransomware,” said Paul Abbate, deputy director of the FBI. , Last week.
NEW Cooperative, a farming company in northern Iowa tasked with operating grain elevators, buying crops from farmers and selling fertilizer, among other tasks, was reportedly targeted by BlackMatter last week. The ransomware criminal gang is linked to the DarkSide ransomware group – the actors behind the forced shutdown of the Colonial Pipeline – according to many cyber analysts.
“We are monitoring the ransomware incident, but we don’t see any particular impact at this time,” Neuberger told reporters, adding that the National Security Council continued to work with the FBI and the company, but did not not yet attributed the attack.