WASHINGTON (AP) – The Biden administration on Tuesday targeted the financial market for criminal ransomware gangs, announcing sanctions against a Russia-based virtual currency brokerage that officials say has been processing illegal transactions for attackers.
The Treasury Department sanctions are aimed at disrupting the economic infrastructure of the ransomware threat, which has grown over the past year and has targeted critical corporations and critical infrastructure, including a major fuel pipeline. Ransomware payments reached more than $400 million in 2020, the costliest year on record.
The action is aimed at going after “financial backers” of the ransomware gangs, Deputy Treasury Secretary Wally Adeyemo told reporters previewing the announcement.
“Today’s action is indicative of our intention to expose and disrupt illegal infrastructure using these attacks,” Adeyemo said.
Through its Office of Foreign Assets Control, the Treasury Department has previously sanctioned ransomware developers and distributors, and officials say more such designations are possible.
The administration's sanctions target a currency exchange known as SUEX OTC, a broker it says has facilitated transactions for at least eight ransomware variants.
Although most virtual currency exchanges engage in legal commerce, a subset of so-called “nested” exchanges process a disproportionate amount of illegal transactions, Adeyemo said. In the case of SUEX, officials said, more than 40% of its known transaction history is associated with what the administration described as illegal actors.
SUEX is the most active of a small group of illegal services that handle most money laundering for cybercriminals, cryptocurrency-tracking firm Chainalysis said in a blog post.
Although legally registered in the Czech Republic, SUEX has no known physical presence there and instead operates from branches in Moscow and St. Petersburg, Russia, where users can cash out their virtual currency, said Chainalysis, which works closely with law enforcement on tracking criminal crypto transactions.
It added that SUEX is laundering money from the illegal cryptocurrency exchange BTC-e, which has been shut down by US authorities, perhaps on behalf of administrators, associates or former users. BTC-e’s operator was sentenced to five years in prison by a French court in December.
Chainalysis said that since the brokerage opened in early 2018, SUEX deposit addresses hosted on major exchanges have received more than $160 million from cybercriminals, including nearly $13 million from ransomware operators including Ryuk, Conti, Maze.
In addition, the Treasury Department says it is updating guidance for ransomware victims that it first issued last year. The advisory strongly discourages victims from paying ransoms, reminds them that some transactions are against the law, and urges victims to report attacks to law enforcement.
“The reality is that the only thing we know about this ecosystem is that the way we prevent ransomware attacks is to make sure we get law enforcement involved as quickly as possible,” Adeyemo said.
AP Technology writer Frank Bajak contributed from Boston.
Follow Eric Tucker on Twitter at http://www.twitter.com/etuckerAP