U.S. Sanctions Russian-Based Cryptocurrency Exchange for Laundering Ransomware Money

Published 21 September 2021

A Russian-based cryptocurrency exchange has been sanctioned by the U.S. over its role in facilitating illegal payments from ransomware attacks. U.S. Treasury officials said these were the first sanctions leveled against a cryptocurrency exchange laundering money for cybercriminals.

The United States has imposed sanctions on a Russian-based cryptocurrency exchange over its alleged role in facilitating illegal payments from ransomware attacks.

The Treasury Department action on September 21 targeted SUEX, in what officials said were the first sanctions leveled against a cryptocurrency exchange laundering money for cybercriminals.

This year, ransomware attacks have targeted companies and critical infrastructure, including a major U.S. pipeline and a meatpacker. There was also an attack on the software firm Kaseya that impacted some 1,500 businesses.

Ransomware payments surged last year to over $400 million, more than four times their level in 2019, according to the U.S. government.

But those payments represent only a fraction of economic harm caused by cyberattacks, which have disrupted critical sectors, including financial services, health care, and energy.

“Ransomware and cyberattacks are victimizing businesses large and small across America and are a direct threat to our economy,” said Treasury Secretary Janet Yellen.

In a ransomware attack, hackers take control of a company or organization’s computer systems and data. They unblock it only after receiving payments, typically in cryptocurrency.

Although SUEX is registered in the Czech Republic, it has no physical presence there and operates out of Russia instead.

U.S. officials said that 40 percent of SUEX’s known transaction history is associated with illicit transactions.

According to cryptocurrency-tracking firm Chainalysis, SUEX is among the most active of a small group of illicit services that handle most money laundering for cybercriminals.

“In Bitcoin alone, SUEX’s deposit addresses hosted at large exchanges have received over $160 million from ransomware actors, scammers and darknet market operators,” said a report from Chainalysis.

The sanctions block SUEX’s access to all U.S. property and prohibit Americans from transacting with the company.

Suspected Russia-based criminal groups have been linked to high-profile ransomware attacks, including those on Colonial Pipeline and Kaseya. Although U.S. officials say the attacks originate in Russia, it is less clear whether there is direct state involvement. Russia denies responsibility.

The issue has become so prominent that at a Geneva summit with Russian President Vladimir Putin in June, President Joe Biden said the two leaders discussed keeping 16 types of critical infrastructure off-limits to cyberattacks, including the energy and water sectors.

In a separate phone call in July, Biden called on Putin to take action to disrupt ransomware groups operating in Russia and vowed to defend companies and critical infrastructure from ransomware attacks.

This article is reprinted with permission of Radio Free Europe/Radio Liberty (RFE/RL).