[BreachExchange] Treasury Department sanctions Suex for processing ransomware payments

Sophia Kingsbury sophia.kingsbury at riskbasedsecurity.com
Wed Sep 22 08:39:42 EDT 2021


https://siliconangle.com/2021/09/21/treasury-department-sanctions-suex-processing-ransomware-payments/

The U.S. Treasury Department today sanctioned a cryptocurrency exchange for
its alleged role in processing ransomware payments.

The Treasury’s Office of Foreign Assets Control said, in publishing an
updated ransomware advisory alongside a cyber-related designation, that it
had added Suex OTC S.R.O. (aka “Successful Exchange”) to its list of
Specially Designated Nationals.

The SDN list includes individuals and companies owned or controlled by, or
acting for or on behalf of, targeted countries, as well as terrorists and
narcotics traffickers. Any people or companies on the list have their assets
blocked, and U.S. persons are generally prohibited from dealing with them.

In the case of Suex, Treasury has targeted the company as part of a set of
actions focused on disrupting criminal networks and virtual currency
exchanges responsible for laundering ransoms.

Suex is claimed to facilitate financial transactions involving illicit
proceeds from at least eight ransomware variants. Analysis of known Suex
transactions shows that more than 40% of the exchange’s known transaction
history is associated with illicit actors. As such, Suex has been
designated an SDN pursuant to Executive Order 13694 for providing material
support to the threat posed by criminal ransomware actors.

While noting that most cryptocurrency is not used for illicit purposes, the
department did say that it will continue to use its authority against
malicious cybersecurity actors. It would do so in conjunction with other
departments and agencies, along with foreign partners, to “disrupt
financial nodes tied to ransomware payments and cyberattacks.”

What the Treasury Department has not said is which forms of ransomware are
involved. Also notably missing is an emphasis on Russia, despite Suex
having an address in a major office tower in Moscow.

In July the Biden administration vowed to take action against Russia if it
was linked to previous ransomware attacks. The administration also announced
Sept. 17 that it was rolling out sanctions targeting ransomware payments.
The announcement targeting Suex is the first time action in this manner has
been taken.

“The U.S. government is using sanctions as a primary way to slow down the
cryptocurrency exchanges,” James McQuiggan, security awareness advocate at
security training company KnowBe4 Inc., told SiliconANGLE. “At the same
time, those impacted by ransomware attacks could be those more impacted by
these sanctions. Suppose they cannot utilize the crypto exchanges to pay
the ransom based on their policies and procedures. In that case, these
sanctions remove the ability to collect the decryption keys and prevent
cybercriminals from exposing their data online.”