US imposes sanctions on crypto exchange over ransomware payments

Washington  —  The Biden administration on Tuesday unveiled sanctions against a cryptocurrency exchange over its alleged role in enabling illegal payments from ransomware attacks, officials said, part of a broader crackdown on the growing threat.

The Treasury department accused digital asset group Suex of facilitating transactions involving illicit proceeds for at least eight ransomware variants, its first such move against a virtual currency exchange over ransomware activity.

“Exchanges like Suex are critical to attackers' ability to extract profits from ransomware attackers,” Treasury deputy secretary Wally Adeyemo said in a call with reporters previewing the announcement on Monday evening. The action “is a signal of our intention to expose and disrupt the illicit infrastructure using these attacks”.

Hackers use ransomware to take down systems that control everything from harbours to manufacturing. They stop only after receiving hefty payments, typically in cryptocurrency.

In 2021, ransomware gangs have hit numerous important US companies in large scale hacks. One such attack on pipeline operator Colonial Pipeline led to temporary fuel supply shortages on the US East Coast. Hackers also targeted an Iowa-based agricultural firm, sparking fears of disruptions to grain harvesting in the Midwest.

JBS Foods, the world's largest beef supplier and a ransomware victim, said on June 9 it paid $11m to hackers, reports said.

In 2020, ransomware payments reached more than $400m, more than four times the level in 2019, Anne Neuberger, deputy national security adviser for cyber, told reporters on the call.

The threat has grown so prominent that US President Joe Biden reportedly told Russian President Vladimir Putin during a July meeting that “critical infrastructure” companies should be off limits to ransomware gangs. Such groups often operate from Russia or Ukraine, according to cybersecurity experts and federal prosecutors.

Officials on the call said the administration is updating guidance on sanctions to encourage victims of ransomware attacks to share information with law enforcement.

The Treasury said an analysis of known Suex transactions shows that over 40% of them involved illicit actors. While some exchanges are exploited by bad actors, others such as Suex, “facilitate illicit activities for their own illicit gains”, the agency added in a release.

“Rogue cryptocurrency exchanges have long been key enablers for ransomware gangs,” said Tom Robinson, chief scientist and co-founder of blockchain analysis firm Elliptic in an emailed statement. “This action by the US government sends a clear signal that it will not tolerate this activity, wherever it is based.”

The sanctions, included in a 2015 executive order targeting cyber criminals, block Suex’s access to all US property and prohibit Americans from transacting with the company.

Suex is a private company based in the Czech Republic, according to Refinitiv’s Eikon.

Reuters