The U.S. Treasury Department has sanctioned a cryptocurrency exchange that allowed ransomware hackers to launder extortion payments from victims in one of its most significant interventions to date against a group of digital assets.
Working with the FBI, the Treasury Department’s Office of Foreign Assets Control announced restrictions on an exchange called SUEX, which it said deliberately allowed “illegal activity for [its] own unauthorized profits”.
The sanctions prevent U.S. citizens and corporations from doing business with the group, with penalties that include fines.
The move marks a new frontier in the government’s fight against a scourge of ransomware attacks, in which hackers seize a company’s systems or data and release them only if a ransom is paid.
Cyber security experts have long called for tighter barriers to prevent cyber criminals from receiving and subsequently laundering ransom payments that are normally made possible by the use of hard-to-track cryptocurrencies.
According to the Treasury Department, around 40 percent of SUEX’s transactions are linked to illegal actors, while the company has enabled money laundering from more than eight ransomware variants.
SUEX’s website states that the company was founded in Prague, Czech Republic, while its LinkedIn page says it is “used by thousands of residents in Russia, Europe, Asia, South and North America”.
According to the crypto intelligence group TRM Labs, SUEX works as a so-called “nested” exchange, which means that instead of acting as the direct custodian of its customers’ crypto funds, it only provided a tailor-made interface while using the services of a major exchange.
According to TRM Labs, the exchange, which appears to be processing transactions of $10,000 or more, accepted new customers through a referral system from trusted intermediaries.
Its largest shareholder is a Russian citizen, said TRM. A message has been returned to the email listed on the SUEX website.
OFAC said it would “continue to impose sanctions on those actors and others who materially support, sponsor, or provide financial, material, or technological assistance” – a statement that will send a warning to other major cryptocurrency exchanges that are anti-money laundering and know-your-customer skills.
Ransomware attacks have exploded in volume as the pandemic shift to remote working has made businesses more vulnerable to intruders. The trend was brought into the spotlight earlier this year by several bold and highly disruptive attacks, including one on the East Coast Colonial Pipeline.
The Treasury Department also updated its ransomware advisory on Tuesday to recommend that victims disclose breaches to law enforcement and other U.S. agencies – especially if they are forced to pay a ransom, as doing so gives them additional leverage with regulators if they are later found to have unknowingly broken sanctions.
Another “significant mitigating factor” will be whether a company will cooperate and share information with law enforcement agencies, the Treasury Department said.
The guidelines are updated to explicitly state that the government is against ransom payments altogether, as has been stated in public statements in the past.
Wally Adeyemo, deputy Treasury secretary, said the agency is also “investigating” the role of mixers – third-party services that mix illegal funds with clean cryptocurrencies before redistributing them, frustrating investigators.
Many experts have not only criticised the crypto payment infrastructure, but also argued that the Biden administration should crack down on Moscow, as the majority of ransomware criminals are believed to be based in Russia or Russian-speaking countries and are allowed to operate with impunity.
In July, Joe Biden warned Russian President Vladimir Putin that the country would face consequences if it did not take action against such hackers and warned that certain critical infrastructure entities were off limits.
The Treasury Department said Tuesday it plans to make better use of international cooperation and multilateral forums such as the G7 and the United Nations. It tried to encourage countries where ransomware criminals are based to take action or be “held accountable” for failing to do so.
When asked about a recent ransomware attack on an Iowa grain cooperative that analysts believe was carried out by an allegedly Russia-related group called BlackMatter, the White House told reporters it has not yet made a formal attribution.