The Biden administration imposed penalties on a cryptocurrency exchange on Tuesday for its suspected role in allowing unlawful ransomware payments, officials said, as part of a larger assault on the growing menace.
Suex OTC, S.R.O. has been charged by the Treasury Department with enabling transactions using illegal funds for at least eight ransomware variants, marking the first time the government has taken action against a virtual currency exchange for ransomware activities.
In a call with reporters on Monday evening, Treasury Deputy Secretary Wally Adeyemo stated, “Exchanges like Suex are crucial to attackers’ capacity to collect revenues from ransomware perpetrators.” The action “is a signal of our determination to use these attacks to expose and destroy the illegal infrastructure.”
Ransomware is a type of malware that hackers use to shut down systems that govern anything from medical bills to manufacturing. The hackers relent only after receiving large sums of money, usually in cryptocurrencies.
This year, ransomware gangs have hit numerous important U.S. companies in large-scale hacks. One such attack on pipeline operator Colonial Pipeline led to temporary fuel supply shortages on the U.S. East Coast. Hackers also targeted an Iowa-based agricultural firm, sparking fears of disruptions to grain harvesting in the Midwest.
In 2020, ransomware payments reached over $400 million, more than four times the level in 2019, Anne Neuberger, deputy national security adviser for cyber, told reporters on the call.
The threat has grown so prominent that U.S. President Joe Biden reportedly told Russian President Vladimir Putin during a July meeting that “critical infrastructure” companies should be off limits to ransomware gangs. Such groups often operate from Russia or Ukraine, according to cybersecurity experts and federal prosecutors.
Officials on the call said the administration is updating guidance on sanctions to encourage victims of ransomware attacks to share information with law enforcement.
The Treasury said an analysis of known Suex transactions shows that over 40% of them involved illicit actors. While some exchanges are exploited by bad actors, others, like Suex, “facilitate illicit activities for their own illicit gains,” the agency added in a release.
“Rogue cryptocurrency exchanges have long been key enablers for ransomware gangs,” said Tom Robinson, chief scientist and co-founder of blockchain analysis firm Elliptic in an emailed statement. “This action by the U.S. government sends a clear signal that it will not tolerate this activity, wherever it is based.”
The sanctions, included in a 2015 executive order targeting cyber criminals, block Suex’s access to all U.S. property and prohibit Americans from transacting with the company.
Suex OTC is a private company based in the Czech Republic, according to Refinitiv’s Eikon.