The United States has imposed sanctions on a crypto exchange over its alleged role in enabling illegal payments from ransomware attacks. In an updated ransomware advisory, the Treasury Department’s Office of Foreign Assets Control (OFAC) has blocked Seux OTC, a private company based in the Czech Republic, from accessing all U.S. property. The sanctions further prohibit Americans from transacting with the company. Those who transact with the sanctioned entity may expose themselves to sanctions or enforcement action.
As per the department, an analysis of known Suex transactions shows that over 40% of its transaction history is associated with illicit actors. Hence, the department is sanctioning it pursuant to Executive Order 13694, for providing material support to the threat posed by criminal ransomware actors.
A press release from the Department said:
“Virtual currency exchanges such as SUEX are critical to the profitability of ransomware attacks, which help fund additional cybercriminal activity. Treasury will continue to disrupt and hold accountable these entities to reduce the incentive for cybercriminals to continue to conduct these attacks. This action is the first sanctions designation against a virtual currency exchange and was executed with assistance from the Federal Bureau of Investigation.”
U.S. Policy Against Ransomware
The move is a part of a broader government effort to counter the ransomware threat. It aims to disrupt criminal networks and virtual currency exchanges responsible for laundering ransoms, improve cyber security across the private sector, and increase incident and ransomware payment reporting to U.S. government agencies.
The US government has recently issued an online helpline to support ransomware victims. It has even issued guidance to investigate ransomware & terrorist attacks alike. The FBI even went after the ransomware payments in the Colonial Pipeline case and retrieved most of the Bitcoins.
On the legal front, the United States’ House Committee on Homeland Security has passed five bipartisan bills. These bills aim to strengthen defence capabilities against cyber-attacks.
Further, new anti-money laundering rules and terror finance rules are set to come later this year. They will aim to limit the use of cryptocurrency for ransomware payments and other illicit activities.
Why is it important?
The Secretary-general of Interpol has said that much like the covid-19 pandemic, ransomware is also mutating into different variants and criminals are reaping huge profits. In the past few months, the USA has witnessed multiple cyberattacks including the Colonial Pipe hack, REvil ransomware at a United States nuclear weapons contractor, JBS hack, among others.
While the Treasury Department’s advisory says that ransomware payments reached over $400 million in 2020, Chainalysis reported that criminals made $350 million in 2020 from ransomware payments. It shows an increase of 311% in one year. Palo Alto Networks reported an increase in ransomware payments by nearly 171%. In May 2021, the Darkside ransomware gang reportedly made $90 million in merely 9 months of operation.
Further, ransomware payments do not fairly reflect the extent of damage caused due to disruptions and hit to reputation. They also have a social effect, since these cyberattacks disrupt businesses on which families and individuals depend for their livelihoods, savings, and future. Damage to critical information infrastructure can cause huge disruptions to any nation, as witnessed in the colonial pipeline hack.
But what’s the problem with cryptocurrency exchanges?
Countries have looked at cryptocurrencies as an enabler of money laundering and terrorist financing, and a huge risk to investors because of their volatility. Ransomware operators always demand ransom payments in cryptocurrencies, since they help them stay anonymous. Read more. Some people also provide Bitcoin mixer scams to enable illicit transactions.
The Treasury Department says that although some virtual currency exchanges are exploited by malicious actors, those like Suex “facilitate illicit activities for their own illicit gains.”
Multiple, countries, including India, UK, and Korea have advised crypto exchanges to abide by the money laundering and anti-terrorism financing regulations. The U.S. has also asked exchanges to abide by these rules and has acted against services such as Helix, which facilitate ransomware payments.