The U.S. Treasury Department on Tuesday imposed sanctions on Russian cryptocurrency exchange Suex for helping facilitate and launder transactions from at least eight ransomware variants as part of the government's efforts to crack down on a surge in ransomware incidents and make it difficult for bad actors to profit from such attacks using digital currencies.
"Virtual currency exchanges such as SUEX are critical to the profitability of ransomware attacks, which help fund additional cybercriminal activity," the department said in a press release. "Analysis of known SUEX transactions shows that over 40% of SUEX's known transaction history is associated with illicit actors. SUEX is being designated pursuant to Executive Order 13694, as amended, for providing material support to the threat posed by criminal ransomware actors."
According to blockchain analytics firm Chainalysis, SUEX is legally registered in the Czech Republic and operates out of offices in Moscow and St. Petersburg, with the exchange's 25 deposit addresses receiving over $481 million in Bitcoin alone since becoming active in February 2018. A substantial portion of those transfers — amounting to nearly $162 million — originate from ransomware operators such as Ryuk, Conti, and Maze, cryptocurrency scam operators, darknet markets, and high-risk exchanges.
The development marks the first instance of such an action against a virtual currency exchange and follows a wave of devastating ransomware attacks that have increased in frequency and severity, hobbling critical infrastructure and numerous entities in recent months and making them an economical and national security threat. In 2020 alone, ransomware payments are said to have totaled over $400 million, more than four times that of 2019, with virtual currencies emerging as the principal means to conduct transfers and associated money laundering activities.
Ransomware refers to malicious software that's engineered to block access to computer systems, often by encrypting data or programs to extort ransom payments from victims in exchange for decrypting and restoring access to their systems or data. This is also accompanied by a threat to publicly disclose targets' sensitive files in a technique called double extortion.
"These payments represent just a fraction of the economic harm caused by cyber-attacks, but they underscore the objectives of those who seek to weaponize technology for personal gain," the Treasury Department added.
Officials also emphasized the role of virtual currencies in furthering illicit activity through peer-to-peer exchangers, mixers, and exchanges, not to mention help evade sanctions, carry out ransomware schemes, and conduct other financially motivated cyber crimes, making such technologies ripe for exploitation by bad actors. However, in SUEX's case, it helped facilitate illegal activity "for their own illicit gains."
Besides freezing all property assets of the designated target that are subject to U.S. jurisdiction, U.S. citizens are generally banned from performing transactions with sanctioned entities, and financial institutions that engage in certain activities with them could themselves face sanctions or be subjected to enforcement actions.
What's more, the U.S.Office of Foreign Assets Control (OFAC) released an updated advisory on the potential sanctions risks arising out of settling with ransomware actors, urging victims and related companies to not only refrain from paying ransoms but also "report these incidents to and fully cooperate with law enforcement as soon as possible."
"Shutting down cryptocurrency-based money launderers is one of the most important strategies to combat cryptocurrency-related crime," Chainalysis said. "It all comes down to incentives. If cybercriminals have no way of moving ill-gotten cryptocurrency to services where it can be stored safely or converted into cash, there's much less reason for them to use cryptocurrency in the first place."