White House blacklists Russian ransomware payment ‘activators’, Telecom News, ET Telecom
The Treasury Department sanctions are aimed at neutralizing the economic infrastructure of a ransomware threat that has grown over the past year, crippling businesses, schools, hospitals and critical infrastructure, including a major fuel pipeline. Ransomware payments reached over $400 million in 2020, the costliest year on record.
The aim is to attack the “financial enablers” of ransomware gangs, Deputy Treasury Secretary Wally Adeyemo told reporters. “Today’s action is a signal of our intention to expose and disrupt the illicit infrastructure using these attacks.”
The blacklisted brokerage house is SUEX OTC, a “nested exchange” that has traded from accounts on the world’s major legal cryptocurrency exchanges. Such exchanges process a disproportionate number of illicit transactions, Adeyemo said. In the case of SUEX, officials said, more than 40% of its known transactions have been linked to illicit actors. That’s over $370 million, according to cryptocurrency tracking company Elliptic.
Through its Office of Foreign Assets Control, the Treasury Department has already sanctioned ransomware developers and distributors – although periodic withdrawals and rebranding of ransomware strains have complicated these efforts. Officials say more such designations are possible.
SUEX is one of the largest and most active of a small group of illicit services that handle most of the money laundering for cybercriminals, including crooks and darknet market operators, another crypto transaction tracking company, Chainalysis, said in a blog post. These companies work closely with law enforcement to track criminal money laundering online.
Although legally registered in the Czech Republic, SUEX has no known physical presence and operates from branches in Moscow and St. Petersburg, Russia, where users can withdraw their virtual currency, Chainalysis said, adding that it also operates in the Middle East.
Chainalysis said that SUEX claims it can convert cryptocurrency holdings into cash and even real estate, cars and yachts.
Most ransomware gangs operate beyond the reach of Western law enforcement agencies, in Russia and allied states. President Joe Biden has repeatedly told Vladimir Putin that he expects the Russian president to crack down on gangs, but administration officials say they have seen no sign of Moscow cooperating.
Chainalysis said SUEX was laundering money from the illicit BTC-e cryptocurrency exchange, which U.S. authorities shut down, possibly on behalf of administrators, associates or former users. The operator of BTC-e, arrested on vacation in Greece, was sentenced to five years in prison by a French court in December.
“SUEX communicated extensively with its clients on the Telegram app and accepted new clients on a trusted intermediary referral system. This was not the kind of business where a random person on the Internet could open an account,” another crypto-tracking company, TRM Labs, said in a blog post. “Transactions were only carried out in person at the SUEX offices.”
TRM Labs CEO Esteban Castano has said that SUEX is what is called a “parasite swap”. Such services are difficult for the legitimate exchanges whose infrastructure they operate on to detect, because they open accounts using fraudulent or stolen credentials to meet KYC requirements and then go unnoticed.
Chainalysis said that SUEX deposit addresses hosted on major exchanges have received more than $160 million in Bitcoin alone from cybercriminals since the brokerage opened in early 2018, including nearly $13 million from ransomware operators, including Ryuk, Conti, and Maze. Ethereum and Tether are among the other cryptoassets managed by SUEX.
The Treasury Department said it is also updating the guidelines for ransomware victims that it first released last year. The advisory strongly discourages victims from paying for ransomware, reminding them that some transactions are against the law, and urges victims to report attacks to law enforcement.
“The reality is what we know about this ecosystem is how we prevent ransomware attacks by ensuring law enforcement is engaged as soon as possible,” Adeyemo said.