Stay up to date with notifications from The Independent

Notifications can be managed in browser preferences.

Biden administration targets ransomware payment 'enablers'

The Biden administration is taking aim at the financial marketplace for criminal ransomware gangs

Via AP news wire
Tuesday 21 September 2021 12:16 EDT
Ransomware Sanctions
Ransomware Sanctions

Your support helps us to tell the story

From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.

At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.

The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.

Your support makes all the difference.

The Biden administration took aim Tuesday at the financial marketplace for criminal ransomware gangs, announcing sanctions against a Russia-based virtual currency brokerage that officials say has processed illicit transactions for attackers.

The Treasury Department sanctions are aimed at disrupting the economic infrastructure of a ransomware threat that has surged over the last year and targeted vital corporations and critical infrastructure, including a major fuel pipeline. Ransomware payments reached more than $400 million in 2020, the costliest year on record.

The goal of the action is to go after the “financial enablers” of ransomware gangs, Deputy Treasury Secretary Wally Adeyemo told reporters in previewing the announcement.

“Today’s action is a signal of our intention to expose and disrupt the illicit infrastructure using these attacks,” Adeyemo said.

Through its Office of Foreign Assets Control, the Treasury Department has previously sanctioned ransomware developers and distributors, and officials say more such designations are possible.

The administration selected for sanctions a currency exchange known as SUEX OTC, a broker it said has facilitated transactions for at least eight ransomware variants.

Though the majority of virtual currency exchanges are engaged in legal commerce, a subset of so-called “nested” exchanges processes a disproportionate amount of illicit transactions, Adeyemo said. In the case of SUEX, officials said, more than 40% of its known transaction history is associated with what the administration describes as illicit actors.

SUEX is among the most active of a small group of illicit services that handle most money laundering for cybercriminals, the cryptocurrency-tracking firm Chainalysis said in a blog post.

Although legally registered in the Czech Republic SUEX has no known physical presence there and instead operates out of branches in Moscow and St. Petersburg, Russia where users can cash out their virtual currency, said Chainalysis, which works closely with law enforcement on tracking criminal crypto transactions.

It said SUEX has been laundering money from the illicit cryptocurrency exchange BTC-e, which U.S. authorities shut down, perhaps on behalf of administrators, associates or former users. BTC-e's operator was sentenced to five years in prison by a French court in December.

Chainalysis said SUEX deposit addresses hosted at large exchanges have received over $160 million from cybercriminals since the brokerage opened in early 2018, including nearly $13 million from ransomware operators including Ryuk, Conti, Maze.

In addition, the Treasury Department says it is updating guidance for ransomware victims that it first issued last year. The advisory strongly discourages victims from paying ransomware, reminding them that some transactions are against the law, and urges victims to report attacks to law enforcement.

“The reality is that the thing we know about this ecosystem is the way that we prevent ransomware attacks is by making sure that we get law enforcement engaged as soon as possible,” Adeyemo said.

—-

AP Technology writer Frank Bajak contributed from Boston.

____

Follow Eric Tucker on Twitter at http://www.twitter.com/etuckerAP

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in