The US Treasury has added a Russian cryptocurrency exchange to its sanctions list after claiming the firm helped facilitate ransomware payments for countless groups.
SUEX is incorporated in the Czech Republic but reportedly operates out of Russia. The Treasury estimated that 40% of its transaction history is associated with “illicit actors.”
According to separate analysis, the “over the counter” (OTC) broker has received over $160m in Bitcoin alone from illegal and high-risk sources, including Ryuk, Conti and Maze ransomware groups; dark web sites like Hydra Market; and cryptocurrency scammers.
“As a result of today’s designation, all property and interests in property of the designated target that are subject to US jurisdiction are blocked, and US persons are generally prohibited from engaging in transactions with them,” the Treasury explained.
“Additionally, any entities 50% or more owned by one or more designated persons are also blocked. In addition, financial institutions and other persons that engage in certain transactions or activities with the sanctioned entities and individuals may expose themselves to sanctions or be subject to an enforcement action.”
The US government action was widely trailed over the weekend, and includes a separate update from the Treasury’s Office of Foreign Assets Control (OFAC) designed to remind ransomware victims of the risks involved in paying cyber-criminals.
Specifically, payment of certain groups on sanctions lists, like Evil Corp, may result in penalties levied by the government on the victim organization.
“OFAC has updated the advisory to emphasize the importance of improving cybersecurity practices and reporting to, and cooperating with, appropriate US government agencies in the event of a ransomware attack,” the Treasury said.
“Such reporting, as the advisory notes, is essential for US government agencies, including law enforcement, to understand and counter ransomware attacks and malicious cyber actors.”
The FBI recorded victim ransomware losses of just $29m last year. However, the Treasury estimated that organizations paid out $400m in ransom payments alone last year, more than four times the 2019 figure.
Adam Flatley, director of threat intelligence at [redacted], welcomed the sanctions but said that government efforts need to go further.
“It will be critical that actions like these continue to be pursued as part of a larger, coordinated, intelligence-driven campaign that uses all aspects of national and international power,” he added.
“Financial and law enforcement actions are important components to this campaign, but this problem can’t be solved without bringing in capabilities that have not been traditionally used against criminal organizations.”
Sam Curry, chief security officer at Cybereason, had similar concerns: “The announcement from the White House is a good first step but, if this is the only exchange sanctioned, then there will be little effect, and the ransomware economy will continue to grow. There are many more exchanges, so now it’s all about adaptability and evolution.
“The Department of Justice estimated that 40 percent of the digital transactions facilitated by SUEX were for illicit activity. With yesterday’s news, the ransomware cartels take a one-time loss, re-gear and use new exchanges. So the first move of the chess match has been made. What comes next in this digital frontier skirmishing? Let’s see!”