The Treasury Department accused Suex OTC, SRO of facilitating transactions involving illicit proceeds for at least eight ransomware variants, its first such move against a virtual currency exchange over ransomware activity.
“Exchanges like Suex are critical to attackers’ ability to extract profits from ransomware attackers,” Treasury Deputy Secretary Wally Adeyemo said in a call with reporters previewing the announcement on Monday evening. The action “is a signal of our intention to expose and disrupt the illicit infrastructure using these attacks.”
Hackers use ransomware to take down systems that control everything from hospital billing to manufacturing. They stop only after receiving hefty payments, typically in cryptocurrency.
This year, ransomware gangs have hit numerous important US companies in large-scale hacks. One such attack on pipeline operator Colonial Pipeline led to temporary fuel supply shortages on the US East Coast. Hackers also targeted an Iowa-based agricultural firm, sparking fears of disruptions to grain harvesting in the Midwest.
In 2020, ransomware payments reached over $400 million, more than four times the level in 2019, Anne Neuberger, deputy national security adviser for cyber, told reporters on the call.
The threat has grown so prominent that US President Joe Biden reportedly told Russian President Vladimir Putin during a July meeting that “critical infrastructure” companies should be off limits to ransomware gangs. Such groups often operate from Russia or Ukraine, according to cybersecurity experts and federal prosecutors.
Officials on the call said the administration is updating guidance on sanctions to encourage victims of ransomware attacks to share information with law enforcement.
The Treasury said an analysis of known Suex transactions shows that over 40% of them involved illicit actors. While some exchanges are exploited by bad actors, others, like Suex, “facilitate illicit activities for their own illicit gains,” the agency added in a release.
“Rogue cryptocurrency exchanges have long been key enablers for ransomware gangs,” said Tom Robinson, chief scientist and co-founder of blockchain analysis firm Elliptic in an emailed statement. “This action by the U.S. government sends a clear signal that it will not tolerate this activity, wherever it is based.”
The sanctions, included in a 2015 executive order targeting cyber criminals, block Suex’s access to all U.S. property and prohibit Americans from transacting with the company.
Suex OTC is a private company based in the Czech Republic, according to Refinitiv’s Eikon.