The U.S. government sanctioned the cryptocurrency exchange SUEX for moving money for ransomware actors. In essence, that means U.S. citizens and corporate entities are banned from using it. The statement, released in September, is part of a wider effort to boost crypto security and “disrupt criminal networks and currency exchanges”.

The First Crypto Security Sanction

The Office of Foreign Assets Control (OFAC) at the U.S. Department of the Treasury justified this decision on the grounds that SUEX had “facilitated transactions involving illicit proceeds from at least eight ransomware variants”.

It also noted that 40% of the cryptocurrency exchange’s transactions involved illicit actors.

Other U.S. Government Efforts to Disrupt Ransomware Payments

This was the first time OFAC and the FBI leveled crypto security sanctions against a virtual currency exchange.

“Some virtual currency exchanges are exploited by malicious actors, but others, as is the case with SUEX, facilitate illicit activities for their own illicit gains,” OFAC noted.

As part of the same effort, OFAC updated an advisory discussing its designation of malicious digital attackers under a crypto-security sanctions program.

The version emphasized the ability of the U.S. Treasury Department to impose civil penalties for sanctions violations based on strict liability. So, a person could receive a punishment even if they didn’t know they had broken the law.

In addition, Senator Elizabeth Warren, D-Mass., introduced the Ransom Disclosure Act on Oct. 5 with Rep. Deborah Ross, D-N.C. If passed, the bill will require victims to disclose ransomware payments within a 48-hour period. This would allow the U.S. government to use that data to counter the growing ransomware threat.

Crypto Security Connections: Bitcoin Tied to Ransomware

The U.S. government does have an idea about the types of profits that ransomware gangs are making in the meantime. (Ransomware gangs often ask for payment in cryptocurrency, so a ransomware problem can also be a crypto-security problem.) The Financial Crimes Enforcement Network of the Treasury Department, created to combat money laundering and to counter funding terrorism, analyzed 177 virtual currency addresses used for ransomware payments in H1 2021. In doing so, it uncovered $5.2 billion worth of bitcoin transactions tied to ransomware.

Many of those ransomware transactions are tied back to REvil/Sodinokibi. This group accounted for 73% of ransomware detections in the second quarter of 2021, per McAfee, and it made a name for itself by demanding tens of millions of dollars in ransom from victims like Kaseya.

It’s not clear if REvil will continue these attacks, however. An unknown person hijacked the ransomware gang’s Tor payment portal and data leak blog. Bleeping Computer reported, “the operation in its current form will likely be gone for good.”

Preventing a Ransomware Attack So You Don’t Have to Pay Up

Security teams can help to improve crypto-security and prevent a ransomware attack by putting zero trust into action. This can help block connection attempts from suspicious devices and compromised user accounts. It can also limit the damage of a breach if and when one does occur.

At the same time, security teams can encrypt data across the technology stack, provide applications, allow listing and take advantage of fine-grained access control. These measures will help to further lock down protected systems against ransomware attacks.

More from News

Protecting Against Remote Monitoring and Management Phishing

3 min read - You use remote monitoring and management (RMM) software to closely monitor your cyber environment and keep your organization safe. But now cyber criminals are specifically targeting these tools, causing legitimate software to become a vulnerability. This is the latest type of attack in an increase in a recent trend of disruptive software supply chain attacks. The Cybersecurity and Infrastructure Security Agency (CISA) recently released an alert about the malicious use of legitimate remote monitoring and management (RMM) software. Last fall,…

3 min read

$10.3 Billion in Cyber Crime Losses Shatters Previous Totals

4 min read - The introduction of the most recent FBI Internet Crime Report says, “At the FBI, we know ‘cyber risk is business risk’ and ‘cybersecurity is national security.’” And the numbers in the report back up this statement. The FBI report details more than 800,000 cyber crime-related complaints filed in 2022. Meanwhile, total losses were over $10 billion, shattering 2021's total of $6.9 billion, according to the bureau’s Internet Crime Complaint Center (IC3). Top Five Cyber Crime Types In the past five…

4 min read

HHS Releases Hospital Cyber Resiliency Landscape Analysis

4 min read - On April 17, 2023, The U.S. Department of Health and Human Services (HHS) 405(d) Program announced the release of its Hospital Cyber Resiliency Initiative Landscape Analysis. This landmark analysis reports on domestic hospitals’ current state of cybersecurity preparedness. The scope of the HHS study was limited to activities that protect access to patient care and safety and reduce the negative impact of cyber threats on clinical operations. Breaches of sensitive data were considered only if the breach had a direct…

4 min read

Zombie APIs are a Top Security Concern as API Attacks Surge 400%

4 min read - Organizations of all sizes rely on application programming interfaces (APIs). The API explosion has been driven by several factors, including cloud computing, demand for mobile/web applications, microservices architecture and the API economy as a business model. APIs enable developers to access data remotely, integrate with other services, build modular applications and monetize their data/services. For enterprises that participated in a recent research study, the average number of APIs per organization was 15,564. Large enterprises (over 10,000 employees) had an average…

4 min read