Ransomware attacks have become quite prevalent with nefarious actors targeting domestic firms, frequently demanding ransom in crypto. Today, the US Department of Treasury has announced a group of actions designed to mitigate ransomware activity including designating crypto exchange SUEX OTC as a “complicit financial service” for its participation in transacting illicit proceeds. This action is the first sanctions designation against a virtual currency exchange and was executed with assistance from the Federal Bureau of Investigation.
Secretary of the Treasury Janet Yellen stated:
“Ransomware and cyber-attacks are victimizing businesses large and small across America and are a direct threat to our economy. We will continue to crack down on malicious actors. As cybercriminals use increasingly sophisticated methods and technology, we are committed to using the full range of measures, to include sanctions and regulatory tools, to disrupt, deter, and prevent ransomware attacks.”
Treasury stated that ransomware attacks are increasing in scale, sophistication, and frequency. In 2020, it reports that ransomware payments reached over $400 million, more than four times their level in 2019.
The U.S. government estimates that these payments represent just a fraction of the economic harm caused by cyber-attacks. Treasury added that certain virtual currency exchanges are a “critical element of this ecosystem, as virtual currency is the principal means of facilitating ransomware payments and associated money laundering activities.”
Under the direction of the Department of the Treasury’s Office of Foreign Assets Control (OFAC), the agency has designated of SUEX OTC, S.R.O. (SUEX), a virtual currency exchange, for its part in facilitating financial transactions for ransomware actors.
According to Treasury, SUEX has facilitated transactions involving illicit proceeds from at least eight ransomware variants and known SUEX transactions indicate that over 40% of SUEX’s known transaction history is associated with illicit actors.
SUEX is being designated pursuant to Executive Order 13694, as amended, for providing material support to the threat posed by criminal ransomware actors.
Treasury said it will continue to disrupt and hold accountable these entities to reduce the incentive for cybercriminals to continue to conduct these attacks.