The US Treasury has joined the fight against ransomware by punishing Suex, a virtual cryptocurrency exchange that facilitates ransomware payments. The sanctions are the first of their kind against a cryptocurrency exchange, and they make it illegal for Americans to conduct business with it.
It’s the latest step in a multi-agency campaign to combat the development of ransomware, which includes a cross-agency group and a $10 million reward for information on state-backed cybercriminals. So far, the results have been mixed. A hacked Iowa farm services supplier was recently held hostage by the BlackMatter ransomware organization, which sought $5.9 million in ransom.
Experts believe that the Treasury’s move against Suex, as well as the US government’s apparent resolve to pursue the money rather than the criminals, will be a severe setback for many of the world’s largest ransomware operations. While the penalties will not completely stop ransomware attacks, they will help to slow them down by removing the procedures that allow ransomware organizations to cash out their cryptocurrencies. The move has been hailed as a “major triumph” by Chainalysis, which supported the US in its probe into Suex, describing the exchange as one of the worst offenders in cryptocurrency-based money laundering.
Suex has made about $13 million from ransomware operators like Ryuk and Maze since its inception in 2018, according to a blog post by the blockchain analysis firm. According to Chainalysis, the exchange received more than $24 million from crypto scammers. Over 40% of known Suex transactions, according to the Treasury, were linked to illegal activity. The United States will continue to target exchanges, according to Gurvais Grigg, Chainalysis’ global public sector and chief technology officer, although his study suggests that criminal activity is mostly concentrated in just a few services.
“Based on our statistics at the time, a gang of just five collected 82 percent of all ransomware funds from 2020,” he tells TechCrunch.
According to Paul Sibenik, principal case manager at blockchain forensics firm CipherBlade, the US is likely to target lesser-known nested services and over-the-counter (OTC) brokers, where trading takes place directly between two parties but is facilitated by a big exchange. Suex, for example, handles its transactions using the infrastructure of a larger exchange.
“Using a rogue OTC like Suex can be an effective workaround so that an attacker doesn’t need an account at the applicable exchange, but it’s fair to say that the exchange is still assisting the ransomware attacker’s transaction,” Sibenik tells TechCrunch. “Exchanges have a responsibility to monitor suspicious transactions entering into appropriate accounts, but it is equally crucial for exchanges to guarantee that any rogue OTCs and nested services they do business with are compliant,” Sibenik said. “Otherwise, there is a clear prospect of enforcement action, as well as arguably legal liability.”