As part of a government-wide effort to counter ransomware, the U.S. Department of the Treasury is taking robust actions to disrupt criminal networks and virtual currency exchanges responsible for laundering ransoms, encourage best cyber practices, and increase efficient and timely incident reporting to agencies.
“Ransomware and cyberattacks are victimizing businesses large and small across America and are a direct threat to our economy. We will continue to crack down on malicious actors,” said Treasury Secretary Janet L. Yellen in a press release on Sept. 21. “As cybercriminals use increasingly sophisticated methods and technology, we are committed to using the full range of measures, to include sanctions and regulatory tools, to disrupt, deter, and prevent ransomware attacks.”
Among the actions taken is the designation of the first virtual currency exchange for complicit financial services. The Treasury Department’s Office of Foreign Assets Control (OFAC) is banning the use of or engagement with SUEX, a virtual currency exchange, due to its involvement in facilitating financial transactions for ransomware actors.
“SUEX has facilitated transactions involving illicit proceeds from at least eight ransomware variants,” the Treasury Department said. “Analysis of known SUEX transactions shows that over 40 percent of SUEX’s known transaction history is associated with illicit actors.”
Virtual currency exchanges are critical to the profitability of ransomware attacks, which help fund additional cybercriminal activity. The Treasury Department plans to continue to disrupt and hold accountable these entities to reduce the incentive for cybercriminals to continue conducting these attacks.
This action is the first sanctions designation against a virtual currency exchange and was executed with assistance from the FBI.
Additionally, the Treasury Department stated that any financial institutions or persons engaged in activities with sanctioned entities and individuals might expose themselves to sanctions or be subject to enforcement action.
The OFAC also released an updated Advisory on Potential Sanctions Risks for Facilitating Ransomware Payments, emphasizing how the U.S. government continues to discourage the payment of cyber, ransom, or extortion demands and recognizes the importance of cyber hygiene in preventing or mitigating such attacks.
The updates emphasize the importance of improving cybersecurity practices and reporting to appropriate government agencies in a ransomware attack. Proper and timely reporting is essential for government agencies, including law enforcement, to understand and counter ransomware attacks and malicious cyber actors.
Overall, the actions by the Treasury Department advance the U.S. government’s broader counter-ransomware strategy, which emphasizes the need for a collaborative approach to counter ransomware attacks, including a partnership between the public and private sector and close relationships with international partners.