US Treasury Dept. Sanctions Cryptocurrency Exchange Over Ransomware Transactions
The US Treasury has sanctioned a cryptocurrency exchange for handling transactions for ransomware operators. Suex is registered as a business in the Czech Republic but operates through offices in Russia. According to the Treasury Dept., “Analysis of known SUEX transactions shows that over 40% of SUEX’s known transaction history is associated with illicit actors.” The sanctions include freezing Suex’s US assets and prohibiting companies doing business in the US from conducting transactions through Suex.
It is hard to find trustable statistics, but it appears that overall, less than 2% of transactions using “cryptocurrencies” are criminal in nature. Most of the transactions are investor trading, which is a different thing to worry about. But there should be global pressure and sanctions on exchanges that are enabling any criminal transactions.
With OFAC Sanctions in place, there are significant consequences for using their services in the U.S., which means that if you’re deciding to pay a ransomware demand via Suex, you and your financial institution (FI) would be subject to sanctions or other enforcement actions, both of which are deal breakers for the FI.
This is an interesting way to undermine the payment flow these criminal gangs rely on. It also illustrates that tackling cybercrime needs a cohesive and wide-ranging approach and not technical controls by themselves. In theory, this may be an effective way to undermine the payment flow these criminal gangs rely on and hopefully won’t turn into a “whack-a-mole” type operation.
I welcome the U.S. government stepping up their defense against ransomware by classifying it as a criminal, economic, and national-security threat. Cryptocurrency leverages blockchain which means we can trace transactions and they can't be removed or hidden after they occur. Don't let the government do all the work for you though; test, measure, and improve your ability to detect and respond to threats before impact.
To me this seems a far more effective approach than punishing victim companies that pay a ransom. Interesting to see US Treasury targeted SUEX as over 40% of its transactions were ransomware-related. This will obviously not stop ransomware attacks, but is a step in the right direction, targeting financial exchanges heavily involved in supporting criminal activities.
Chainalysis and Treasury cooperated to produce a report on this effort: https://blog.chainalysis.com/reports/ofac-sanction-suex-september-2021