Treasury sanctions cryptocurrency exchange for facilitating ransomware payments

The Treasury Department on Tuesday announced a set of actions designed to crack down on ransomware attack payments following a major uptick in cases in recent months against U.S. companies.

As part of the actions, the Treasury Department’s Office of Foreign Assets Control (OFAC) issued its first sanctions against a virtual currency exchange, targeting SUEX OTC for allegedly facilitating ransomware payments.

In addition, OFAC issued an advisory warning that it could issue further sanctions against other cryptocurrency exchanges, cyber insurance companies, and financial institutions facilitating ransomware payments, particularly if the payments are made to previously sanctioned individuals or groups.

The advisory reiterated the federal government’s stance that victims should not pay ransoms, and that facilitating a payment “may enable criminals and adversaries with a sanctions nexus to profit and advance their illicit aims.”

“Ransomware and cyber-attacks are victimizing businesses large and small across America and are a direct threat to our economy,” Treasury Secretary Janet Yellen said in a statement Tuesday. “We will continue to crack down on malicious actors.”

“As cyber criminals use increasingly sophisticated methods and technology, we are committed to using the full range of measures, to include sanctions and regulatory tools, to disrupt, deter, and prevent ransomware attacks,” Yellen said.

Cryptocurrency exchanges are often used by cybercriminals to facilitate the transfer of funds due to the difficulty in tracking the payments.

The Wall Street Journal first reported that the Biden administration would take action against cryptocurrency ransomware payments through the use of sanctions last week.

The Treasury Department previously issued two advisories last year warning against paying ransomware demands, and that companies facilitating payments could face federal repercussions. 

The Treasury Department’s actions come after a year of escalating cyberattacks against thousands of U.S. government and private institutions, with ransomware attacks becoming a particular concern. 

Separate ransomware attacks in May by Russia-based cybercriminal groups temporarily disrupted operations of Colonial Pipeline, which provides 45 percent of the East Coast’s fuel, and of JBS USA, one of the nation’s largest meat producers.

Both Colonial Pipeline and JBS USA chose to pay the ransoms demanded, though the Justice Department was later able to recover the majority of the roughly $4.4 million in bitcoin paid to the hackers by Colonial.

Hospitals and schools have also become targets of attack, and the dangers were underlined Monday when New Cooperative, a major agricultural group, suffered a ransomware attack that posed a danger to the food supply chain.