pinkeyes -

US sanctions Suex crypto exchange over ransomware links

US Treasury cracks down on cryptocurrency exchange that supposedly facilitated proceeds from multiple ransomware gangs

The Czechia-based Suex cryptocurrency exchange has been sanctioned by the US Department of the Treasury’s Office of Foreign Assets Control (Ofac) for its alleged role in handling financial transactions for at least eight unnamed ransomware operations.

The crackdown, which was earlier signalled by the Biden administration, comes as organisations around the world reel from the impact of an epidemic of ransomware attacks disrupting operations.

The Treasury claimed that over 40% of Suex’s known transaction history was associated with illicit actors and has been critical to the profitability of ransomware attacks. It said it would continue to “disrupt and hold accountable” entities that provide material support to cyber criminal actors to “reduce the incentive” to conduct such attacks.

“Ransomware and cyber attacks are victimising businesses large and small across America and are a direct threat to our economy,” said Treasury secretary Janet Yellen. “We will continue to crack down on malicious actors.

“As cyber criminals use increasingly sophisticated methods and technology, we are committed to using the full range of measures, to include sanctions and regulatory tools, to disrupt, deter and prevent ransomware attacks.”

While most cryptocurrency activity is above board, virtual currencies are easily used for illegal activity, including, but not limited to, cyber criminality, through peer-to-peer exchangers, mixers and exchanges. Some licit exchanges are merely exploited by cyber criminals, but others, such as Suex, supposedly facilitated illegal activities for its own gain.

“The Treasury will continue to use its authorities against malicious cyber actors in concert with other US departments and agencies, as well as our foreign partners, to disrupt financial nodes tied to ransomware payments and cyber attacks,” the department said in a press statement.

“Those in the virtual currency industry play a critical role in implementing appropriate AML/CFT [anti-money laundering/combating the financing of terrorism] and sanctions controls to prevent sanctioned persons and other illicit actors from exploiting virtual currencies to undermine US foreign policy and national security interests.”

The immediate impact of the sanction will be to block all property and property interests of Suex that are subject to US jurisdiction, and to forbid US citizens from engaging in transactions with them. It also blocks any entities that are 50% or more owned by a designated person. Also, financial institutions and other people that engage in transactions or activities with Suex and associated individuals may also find themselves subject to action.

It is important to note that the action against Suex does not itself target any specific ransomware operation.

Alongside the sanctions against Suex, Ofac has also released a new update on sanctions risks for facilitating ransomware payments, re-emphasising the fact that paying ransom or extortion demands is strongly discouraged. The updated advisory also contains new updates on ransomware reporting guidelines for organisations that operate in the US.

Read more about ransomware

  • The debate around banning ransomware payments is highly nuanced, and we must take care to avoid overt victim-blaming, in favour of an open and honest approach, says SASIG’s Martin Smith.
  • Working alongside law enforcement partners, Bitdefender has developed and released a tool to help REvil victims recover their data for free.

Read more on Hackers and cybercrime prevention

Data Center
Data Management