Sanctions have been imposed on SUEX, a virtual currency exchange, by the United States Department of the Treasury (USDT) for aiding at least eight ransomware variants in laundering their crypto ransoms, according to a press release. The department’s Office of Foreign Assets Control (OFAC) listed the company as a specially designated national (SDN) for illicit transactions facilitated on its platform, as per the release.
Suex’s property and interests in property under U.S. jurisdiction will be blocked due to this designation, and U.S. citizens are prohibited from engaging in transactions with Suex. The USDT has also blocked entities in which Suex owns a stake of 50 percent or more. It warned that financial institutions found to be in business with Suex will attract “sanctions or be subject to an enforcement action”.
More than 40 percent of Suex’s transactions involve malicious actors, the USDT said. This translates to more than $370 million as per an analysis by Elliptic, a cryptocurrency-tracking firm, that was reported on by the Associated Press. More such designations are possible in the future, the AP report added.
“Exchanges like Suex are critical to attackers’ ability to extract profits from ransomware attacks. Today’s action is a signal of our intention to expose and disrupt the illicit infrastructure used in these attacks,” Deputy Treasury Secretary Wally Adeyemo was quoted as saying by AP.
The sanctions mark the first time that action has been taken against a crypto exchange in light of growing ransomware attacks. It indicates that the U.S. government is going after the economic infrastructure leveraged by ransomware attackers who have targeted corporations, schools, hospitals, and critical infrastructure, including a fuel pipeline, in the last two years.
US government’s next steps to tackle ransomware attacks
Anne Neuberger, the deputy national security advisor to the Biden administration, laid out a four-pronged approach to tackle ransomware attacks, which includes disrupting ransomware actors and infrastructure, shoring up possible target entities, limiting cryptocurrency payments, and building international cooperation to mitigate future attacks, CoinDesk reported.
The USDT elaborated on some of the steps under this approach:
- Monitor crypto transaction facilitators: The department is training its focus on mixers, and the role they play in illegal transactions, according to CoinDesk. A mixer is a service that mixes different streams of potentially identifiable cryptocurrency, improving anonymity. “While most virtual currency activity is licit, virtual currencies can be used for illicit activity through peer-to-peer exchangers, mixers, and exchanges. This includes the facilitation of sanctions evasion, ransomware schemes, and other cybercrimes,” read the statement from the USDT.
- Foster international cooperation: The department highlighted the fact that the Financial Action Task Force (FATF) amended its standards to require all countries to regulate and supervise virtual asset service providers (VASPs), including exchanges. Countries must impose customer due diligence (CDD) requirements and suspicious transaction reporting obligations across VASPs. It stressed the need for all countries to implement and enforce the FATF’s standards on virtual assets and VASPs.
- Advisory for victims: The USDT also updated the advisory, released last year, for ransomware victims. The advisory urges victims to desist from paying ransoms and to take cyber security seriously. The department asked victims to come forward and report attacks to law enforcement as it is “essential for agencies to understand and counter ransomware attacks”. The advisory reminds U.S. entities that they could face penalties for making payments to a sanctioned actor, even if they’re unaware of that fact, CNBC reported. The business news website added that OFAC would consider a company’s cooperation over a ransomware attack in determining its ultimate consequences.
Measures taken in the past: The U.S. government had earlier announced the formation of a dedicated group to examine ransomware, CoinDesk added. A new bill proposed in the U.S. Senate requires government contractors and critical infrastructure companies to disclose cyberattacks. The bill protects them from legal action for a limited period over these disclosures.
What do we know about Suex?
- An over-the-counter exchange registered in the Czech Republic that operates mostly out of Russia, from cities like Moscow and St. Petersburg, Chainalysis said in its blog post.
- Began operations in 2018, and has moved hundreds of millions of dollars worth of cryptocurrency, mostly in Bitcoin, Ether, and Tether, the crypto-transaction tracking firm revealed.
- Converts cryptocurrency into cash at physical branches in Russia and the Middle East. It even claims to facilitate the exchange of cryptocurrency for physical assets like real estate, cars, and yachts, the blog added.
- Received over $50 million worth of Bitcoin sent from addresses hosted at the infamous cryptocurrency exchange BTC-e from 2018 through 2021, long after the latter was shut down by U.S. authorities for enabling money laundering in 2017.
- Suex is a nested exchange that conducts transactions from accounts on legitimate global cryptocurrency exchanges. Nested exchanges take advantage of the greater liquidity and lower transaction costs of multinational exchanges and present customers with a custom interface obscuring the connection to the larger service, a crypto tracking firm, TRM Labs, elaborated in its post.
- Communication with Suex clients takes place on the Telegram app and it accepts new customers on a system of referrals from trusted intermediaries, TRM Labs added.