New Treasury Sanctions Target Ransomware Groups' Finances

September 23, 2021
U.S. Treasury Targets Ransomware Finances with Sanctions

The U.S. Department of the Treasury is actively combating ransomware attacks through the imposition of sanctions against Suex, a virtual cryptocurrency exchange. This action stems from Suex’s involvement in processing payments made to ransomware operators.

First-of-its-Kind Sanctions

These sanctions represent the inaugural instance of the U.S. government targeting a cryptocurrency exchange directly. Consequently, American citizens and entities are now prohibited from engaging in any business dealings with Suex.

Broader Government Efforts

This measure is part of a comprehensive, government-wide initiative designed to address the escalating threat of ransomware. This includes the formation of a dedicated cross-agency taskforce and the offering of a $10 million reward for information leading to the identification of state-sponsored cybercriminals.

Impact on Ransomware Operations

Experts suggest that the Treasury’s actions against Suex, and the broader strategy of tracking financial flows, will significantly disrupt the operations of numerous prominent ransomware groups. Although this will not eliminate ransomware entirely, hindering these groups' ability to convert cryptocurrency into usable funds could substantially slow their activities.

Suex’s Role in Illicit Activity

Chainalysis, a firm that assisted in the investigation, has characterized the sanctions as a substantial victory. It identifies Suex as a major facilitator of cryptocurrency-based money laundering.

According to a Chainalysis blog post, the exchange has processed approximately $13 million in ransomware payments from groups like Ryuk and Maze since its establishment in 2018. Furthermore, Suex reportedly handled over $24 million from cryptocurrency scam operators.

Transaction Analysis

The Treasury Department reports that more than 40% of all transactions linked to Suex have been associated with illicit activities.

Future Targets and Concentration of Illicit Funds

Gurvais Grigg of Chainalysis anticipates continued targeting of cryptocurrency exchanges by U.S. authorities. However, his analysis indicates that a small number of services handle the majority of illicit funds.

“Based on our data from 2020, just five services accounted for 82% of all ransomware funds received,” Grigg stated to TechCrunch.

Focus on Nested Services and OTC Brokers

Paul Sibenik, from CipherBlade, a blockchain forensics company, predicts that the U.S. will also pursue smaller, less-known services and over-the-counter (OTC) brokers. These brokers facilitate direct trading between parties, often utilizing larger exchanges for liquidity.

Sibenik explains, “While an attacker may avoid direct accounts at major exchanges by using a rogue OTC like Suex, the exchange is still ultimately enabling the transaction.”

Exchange Responsibility

Sibenik emphasizes that exchanges have a responsibility to monitor for suspicious transactions. It is also crucial to ensure that any OTCs or nested services they collaborate with maintain compliance.

“Failure to do so could result in enforcement actions and potential legal liabilities,” he warns.

Evolving Ransomware Tactics

The Treasury’s sanctions, and the prospect of further actions, are expected to prompt ransomware actors to adapt their strategies. This is already evident in the increasing adoption of double extortion techniques.

Double extortion involves not only encrypting files but also exfiltrating data and threatening its public release if the ransom is not paid.

Shift to Privacy Coins

Sibenik has observed some threat actors transitioning from Bitcoin to Monero, a cryptocurrency considered difficult to trace. However, he notes that even this approach is becoming less viable.

Many exchanges have delisted so-called privacy coins in response to regulatory guidance, making it harder to convert them into traditional currency.

The Importance of Fiat Conversion

“Cryptocurrency’s value lies in its ability to be exchanged for goods, services, or traditional currency,” Grigg points out. “This conversion process becomes significantly more challenging with privacy coins.”
