The Biden administration has announced new sanctions against cryptocurrency exchange Suex for using its platform to receive revenue for ransomware groups adding to the growing trend of cyberattacks targeting companies and government agencies.
It marks the first of such action against a virtual currency exchange. The Treasury said ransomware payments totaled more than $400 million in 2020 alone, four times more than it was in 2019, and it is taking new measures to see it stops.
The sanction means Suex’s access to US markets has been cut off. The department alleged that Suex “has facilitated transactions involving illicit proceeds from at least eight ransomware variants.” It also said that more than 40% of the company’s known transaction history is “associated with illicit actors.”
Tekedia Mini-MBA edition 14 (June 3 – Sept 2, 2024) begins registrations; get massive discounts with early registration here.
Tekedia AI in Business Masterclass opens registrations here.
Join Tekedia Capital Syndicate and invest in Africa’s finest startups here.
The Treasury Department has also updated guidance to US businesses on paying ransoms to cybercriminals, saying that it “strongly discourages” such action.
Cyberattacks targeting US companies were notably significant this year with the ransomware attack against Colonial Pipeline – the largest fuel pipeline in the United States – in May. Carried out by the Russian-linked Darkside ransomware group, the attack forced Colonial Pipeline to take systems offline and halt all pipeline operations. The height of the attack rattled the US government with the Biden administration issuing emergency waivers in response, lifting limits on the transportation of fuels by road as fears of shortages begin to put upward pressure on oil and gas prices.
Bloomberg reported that Colonial Pipeline handed over almost $5 million to the attackers for decryption of its data, some of which was subsequently recovered by the Justice Department in June. It took Colonial Pipeline several days to get operations back to normal.
CSO reported that earlier this week, New Cooperative, a grain distributor with 60 locations in Iowa, fell victim to a large ransomware attack by a Russian-speaking group known as BlackMatter. The attackers are believed to have requested almost $6 million for the release of the data, although this is unconfirmed by New Cooperative. An investigation into the incident is ongoing.
The new sanctions against Suex, a platform that offers an easy and often difficult to trace way to buy and exchange cryptocurrency, are an effort by the Biden administration to prevent ransomware payments that encourage actors to carry out further attacks against US companies.
Commenting to reporters ahead of the announcement, Treasury Deputy Secretary Wally Adeyemo said, “Exchanges like Suex are critical to attackers’ ability to extract profits from ransomware attackers,” adding that the action “is a signal of our intention to expose and disrupt the illicit infrastructure using these attacks.”
However, John Bambenek, principal threat hunter at Netenrich, questions whether the move will have any material impact on the proliferation of ransomware.
“Attempting to stop ransom payments didn’t help the kidnapping problem we saw in Sou a couple of decades ago, and it’s not likely to help much here either,” he tells CSO. “Sanctions against providers may make a degree of sense as long as the more honest providers are able, willing, and incentivized to report bad behavior on their platforms. What is more important in stopping ransomware is finding those involved and getting them brought to justice, and these kinds of actions actually could impair intelligence collection on those bad actors.”
This new line of action is expected to deter other crypto exchanges, making it difficult for them to facilitate transactions for ransomware criminals.