In response to the ransomware clampdown, the US has imposed sanctions on cryptocurrency exchanges.
In one of its most significant interventions to date against a digital asset firm, the US Treasury has imposed penalties on a cryptocurrency exchange it claims allowed ransomware criminals to launder extortion money from victims.
The US Treasury's Office of Foreign Assets Control placed restrictions on an exchange called SUEX, which it said "deliberately enabled unlawful activities for [its] own illicit gains" in collaboration with the FBI.
The sanctions prohibit US citizens and companies from transacting with the organisation, with penalties that include fines.
The measure represents a fresh step forward in the government's fight against the epidemic of ransomware assaults, in which hackers capture a company's systems or data and demand a ransom payment before releasing them.
Experts have long advocated for stronger obstacles to prevent cyber criminals from accepting and subsequently laundering ransom payments, which are often made possible by the use of hard-to-trace cryptocurrencies.
Some 40 percent of SUEX's transactions are tied to illegal actors, and the company has helped launder money from more than eight ransomware versions, according to the Treasury Department
SUEX was founded in Prague, Czech Republic, according to its website, and it is “used by thousands of people of Russia, Europe, Asia, South and North America” according to its LinkedIn page.
SUEX is a "nested" exchange, which means it is connected to other exchanges, TRM Labs, a crypto intelligence company, claims that, which implies that rather than serving as a direct custodian of its clients' crypto funds, it just supplied a custom-made interface while utilising the services of a larger exchange.
TRM Labs claims that the exchange, which appeared to trade in $10,000 or more transactions, accepted new users through a referral system from trustworthy intermediaries.
A Russian national is the largest stakeholder, TRM remarked. A message sent to the SUEX website's email address was returned as undeliverable.
Ofac said it would "continue to impose sanctions on these actors and others who materially assist, sponsor, or provide financial, material, or technological support for these activities" — a warning to other larger cryptocurrency exchanges that haven't beefed up their anti-money laundering and "know-your-customer" capabilities.
As a result of the pandemic-related shift to remote working, ransomware assaults have increased in volume, making firms more exposed to invaders. Several bold and highly disruptive attacks, notably one on the East Coast's Colonial Pipeline, brought the practise to light earlier this year.
On Tuesday, the Treasury updated its ransomware advisory, advising victims to report breaches to law enforcement and other US agencies, especially if they feel compelled to pay a ransom, as this will give them more leverage with regulators if they are later discovered to have unwittingly broken sanctions.
Another "important mitigating element" will be whether a corporation cooperates with law enforcement and exchanges information, according to the Treasury.
The guidance will be amended to specifically say that the government rejects paying ransoms in the first place, as it has previously stated in public statements.
The role of mixers — third-party services that mix illicit assets with clean cryptocurrency before dispersing them, throwing investigators off the track — is also being investigated, according to Wally Adeyemo, deputy secretary of the Treasury.
Many experts have warned that, in addition to attacking crypto payments infrastructure, the Biden administration should be stricter on Moscow, given that the majority of ransomware offenders are believed to be headquartered in Russia or Russian-speaking nations and operate with impunity.
Joe Biden warned Russian President Vladimir Putin in July that if the government did not act against such hackers, it would suffer consequences, and that certain critical infrastructure entities would be off limits.
The Treasury Department announced on Tuesday that it intends to make better use of international cooperation and multilateral platforms such as the G7 and the UN. It aimed to persuade countries harbouring ransomware perpetrators to take action or face being "held accountable" if they did not.
When questioned about a recent ransomware attack on an Iowa grain cooperative that researchers believe was carried out by a suspected Russian-linked group known as BlackMatter, the White House told reporters that no formal attribution had been made.
