The Biden administration cracked down on a cryptocurrency exchange on Tuesday to disrupt ransomware attackers who use digital payments to facilitate cyberattacks on America’s critical infrastructure.
The Treasury Department announced sanctions against SUEX, a cryptocurrency exchange operating in Russia, for allegedly facilitating payments to cyber gangs. A cryptocurrency exchange is a digital marketplace where users buy and sell digital assets.
Ransomware attackers hold data and systems hostage until victims pay up, often through digital currencies.
“As cyber criminals use increasingly sophisticated methods and technology, we are committed to using the full range of measures, to include sanctions and regulatory tools, to disrupt, deter, and prevent ransomware attacks,” said Treasury Secretary Janet Yellen in a statement.
More than 40% of SUEX’s transactions are associated with “illicit actors,” according to Treasury, which targeted the exchange for providing material support to ransomware attackers.
“Virtual currency exchanges such as SUEX are critical to the profitability of ransomware attacks, which help fund additional cybercriminal activity,” Treasury said in a statement. “Treasury will continue to disrupt and hold accountable these entities to reduce the incentive for cyber criminals to continue to conduct these attacks.”
Monitoring ransomware attackers’ use of cryptocurrency has proven to be a fruitful tool in the federal government’s hunt for cyber criminals. For example, the U.S. government recovered approximately $2.3 million of the cryptocurrency paid by major U.S. fuel supplier Colonial Pipeline to its attackers affiliated with the ransomware gang DarkSide, which President Biden has linked to Russia.
Mr. Biden previously sought to stymie Russian crime gangs by admonishing Russian President Vladimir Putin to act against cyberattackers within his country’s borders. Mr. Biden warned Mr. Putin multiple times this summer that there would be consequences for cyberattacks affecting America’s critical infrastructure, according to the White House.
In September, the U.S. met with allies about how to effectively fight back. Treasury said it met multiple times earlier this month with the Bank of England and other members of the G-7 Cyber Expert Group to discuss ransomware and its effects on the financial services sector.
Alongside its new sanctions on SUEX, the administration also issued guidance warning Americans against paying ransomware attackers or encouraging others to make such payments.
“Companies that facilitate ransomware payments to cyber actors on behalf of victims, including financial institutions, cyber insurance firms, and companies involved in digital forensics and incident response, not only encourage future ransomware payment demands but also may risk violating [Office of Foreign Assets Control] regulations,” read a Treasury Department advisory. “The U.S. government strongly discourages all private companies and citizens from paying ransom or extortion demands and recommends focusing on strengthening defensive and resilience measures to prevent and protect against ransomware attacks.”