The US Treasury Department has sanctioned the Czech Republic and Suex OTC, a Russia-based company, for allegedly allowing hackers to access cryptocurrencies supplied as payment for ransomware attacks.
The Treasury Department’s Office of Foreign Assets Control, or OFAC, added Suex OTC to its list of Specially Designated Nationals, whose “assets are frozen and U.S. citizens are generally prohibited from dealing with them,” in an advisory update released on Tuesday.
Suex OTC’s offices in Moscow and Prague, as well as its website and 25 crypto addresses for Ether (ETH), Bitcoin (BTC), and Tether (USDT), were listed by the government agency.
Companies that facilitate ransomware payments to cyber actors on behalf of victims, such as financial institutions, cyber insurance firms, and companies involved in digital forensics and incident response, not only encourage future ransomware payment demands, but they also risk violating OFAC regulations, according to the federal agency.
“The United States government strongly advises all private enterprises and persons to refrain from paying ransom or extortion demands, and instead to work on developing defensive and resilience measures to avoid and protect against ransomware attacks.”
Treasury Deputy Secretary Wally Adeyemo told Reuters that “exchanges like Suex are important to attackers’ ability to recover earnings from ransomware criminals,” implying that cryptocurrency is being targeted. He went on to say that the penalties were meant to “destroy the criminal infrastructure with these attacks.”
Chainalysis, a blockchain analytics firm, said it was looking into Suex’s money laundering activities, stating that many of its funds came from “illicit and high-risk sources.”
According to the firm’s study, “tens of millions” of dollars in crypto payments came from addresses linked to various cybercrimes.
Suex’s deposit addresses hosted at prominent exchanges have collected over $160 million in Bitcoin alone from ransomware attackers, scammers, and darknet market operators, according to Chainalysis.
“Ransomware operators have demanded $13 million […] $24 million has been stolen from bitcoin scammers […] Darknet markets have raised $20 million […] BTC-e addresses have been linked to $50 million in cryptocurrencies.”
Ransomware attacks appear to be on President Joe Biden’s agenda after a group of hackers entered the network behind the Colonial Pipeline in the United States in May, purportedly forcing the company to pay a ransom of more than $4 million.
JBS, a food packaging company based in the United States, was targeted in a similar attack that cost the company $11 million.
A number of US officials have singled out cryptocurrencies as the means of payment for these ransoms. Jake Sullivan, Vice President Joe Biden’s national security adviser, said in June that crypto “lies at the heart of how these ransom transactions are carried out,” calling cyberattacks a “national security priority” for the US government, particularly for “vital infrastructure.”