Officials said the Biden administration sanctioned a cryptocurrency exchange for its alleged role in enabling illegal payments from ransomware attacks, as part of a broader crackdown on the growing threat.
Suex OTC, S.R.O. was accused by the Treasury Department of facilitating transactions involving illicit proceeds for at least eight ransomware variants, marking the department’s first action against a virtual currency exchange over ransomware activity.
“Exchanges like Suex are critical to attackers’ ability to extract profits from ransomware attackers,” Treasury Deputy Secretary Wally Adeyemo said on a conference call with reporters on Monday evening, previewing the announcement. “This action is a signal of our intention to expose and disrupt the illicit infrastructure using these attacks,” according to the statement.
Ransomware is used by hackers to disrupt systems that control everything from hospital billing to manufacturing. They only stop when they receive large sums of money, usually in cryptocurrency.
In large-scale hacks this year, ransomware gangs have targeted numerous important U.S. companies. One such attack on pipeline operator Colonial Pipeline resulted in temporary fuel supply shortages on the East Coast of the United States. Hackers also targeted an Iowa-based agricultural firm, raising concerns about grain harvesting disruptions in the Midwest.
According to Anne Neuberger, deputy national security adviser for cyber, ransomware payments exceeded $400 million in 2020, more than four times the level in 2019.
The threat has grown so serious that US President Joe Biden reportedly told Russian President Vladimir Putin during a meeting in July that “critical infrastructure” companies should be off-limits to ransomware gangs. According to cybersecurity experts and federal prosecutors, such groups frequently operate out of Russia or Ukraine.
According to the Treasury, an analysis of known Suex transactions reveals that more than 40% of them involved illicit actors. While some exchanges are used by bad actors, others, such as Suex, “facilitate illicit activities for their own illicit gains,” according to the agency’s release.
In an emailed statement, Tom Robinson, chief scientist and co-founder of blockchain analysis firm Elliptic, said, “Rogue cryptocurrency exchanges have long been key enablers for ransomware gangs.” “The United States government’s action sends a clear signal that it will not tolerate this activity, wherever it is based.”
Suex’s access to all U.S. property is blocked, and Americans are barred from transacting with the company, according to the sanctions, which were included in a 2015 executive order targeting cybercriminals.