In ransomware attacks, cyber criminals often demand payment from victims in the form of digital currency. Photo: AFP

Politico | US Treasury unleashes cryptocurrency sanctions to fight ransomware

  • The new sanctions will block all trades involving Suex – a cryptocurrency exchange operating in Russia – and US entities
  • The move comes amid a rise in ransomware attacks, including the Colonial Pipeline hack that shut down one of the largest fuel delivery sources in the US

This story is published in a content partnership with POLITICO. It was originally reported by Sam Sabin and Victoria Guida on politico.com on September 21, 2021.

The US Treasury Department on Tuesday announced a crackdown on the use of digital currencies in ransomware attacks and other financial crimes, including its first-ever sanctions against a crypto exchange.

Treasury said about 40 per cent of the transactions at the sanctioned cryptocurrency exchange operating in Russia – Suex – involved illicit activities. The new sanctions will block all trades involving Suex and US entities. The department also plans to identify other exchanges tied to illegal schemes.

Treasury on Tuesday also said it was updating ransomware guidance for victims to include a clear statement advising companies not to pay any ransom demanded by hackers.

Fuel tanks are seen at a Colonial Pipeline breakout station in Woodbine, Maryland, in May. Photo: EPA-EFE

Treasury announced the moves amid a rise in ransomware attacks, in which cyber criminals demand payment – often in the form of digital currency – from their victims.

The ransomware hack of the Colonial Pipeline in May led to the shutdown of one of the largest fuel delivery sources in the US for nearly a week and caused supply disruptions along the East Coast. Colonial paid a ransom that was partially recovered by US authorities.

“The majority of virtual currency exchanges are dealing in predominantly legal activity and have improved their compliance regimes over the last few years,” Treasury Deputy Secretary Wally Adeyemo said. “However, there is a subset of smaller nascent exchanges transacting a disproportionate amount of the illicit transactions flowing through the virtual currency ecosystem.”

Getting the Treasury Department involved is one of the Biden administration’s latest attempts to stymie the threat of ransomware gangs, especially as they continue to target US infrastructure.


Administration officials have met business leaders to discuss ways to combat growing cyber threats, launched a whole-of-government ransomware-fighting strategy in July that includes weekly meetings to discuss ransomware threats, and looped in international partners to tackle the problem together.

But the Treasury Department’s move is the first that hits at the crux of the issue: “Criminals operate in the space because it's profitable,” Anne Neuberger, the White House’s deputy national security adviser focused on cyber issues, told reporters.

Ransomware criminals have come to rely on bitcoin and other digital currencies to have victims pay what could be upwards of millions of dollars to decrypt their files and prevent future leaks of stolen data from an attack. This reliance has prompted several cybersecurity experts to call either for tighter regulations on the use of cryptocurrency or for an outright ban on the use of crypto.


Ari Redbord, head of legal and government affairs at crypto forensics company TRM Labs and former senior adviser to the Treasury Department’s terrorism and financial intelligence unit, said Treasury's actions show there is a way for the government to put limits on the digital currencies without hurting everyday crypto users.

“This actually really shows the opposite: that law enforcement and regulators can go after the illicit actors who take advantage of crypto without sort of going after the technology itself,” said Redbord, who is also a former assistant US attorney general.

The Suex cryptocurrency exchange is incorporated in the Czech Republic but operates in Russia. The company mostly communicated with its clients through encrypted chat app Telegram and accepted new customers only through referrals, according to TRM Labs.

Suex's minimum acceptable transaction was about US$10,000 – making it ripe for potential ransomware activity because most ransom demands are either in the thousands or millions of dollars. Suex is what TRM calls a “nested exchange”, meaning it used the infrastructure of a larger exchange to handle transactions.

Read Politico’s story.

This article appeared in the South China Morning Post print edition as: crackdown on ransomware crime