On September 21st, the US Treasury Department imposed sanctions on a well-known cryptocurrency exchange by the name of Suex. This particular crypto exchange is very popular for helping ransomware and other cybercrime groups launder money. According to a report by Chainalysis, a company that tracks and analyzes blockchain transactions, the crypto exchange helped launder illicit funds to the tune of $160 million in Bitcoin alone between 2018 and 2021.
Suex.io (now archived) was the website of the crypto exchange, which was registered in the Czech Republic but owned by Russian nationals. They were headquartered in Moscow and Saint Petersburg. The company is also believed to operate out of offices outside Russia.
“Since opening its doors in 2018, Suex has moved hundreds of millions of dollars’ worth of cryptocurrency, mostly in Bitcoin, Ether, and Tether, much of which is from illicit and high-risk sources. In Bitcoin alone, Suex’s deposit addresses hosted at large exchanges have received over $160 million from ransomware actors, scammers, and darknet market operators.” (via the blog post published by Chainalysis)
Chainalysis also believes that a lot of the transactions were linked to popular ransomware gangs such as Ryuk, Conti, Maze, etc.
Sanctions imposed by the US Treasury
In a press release on 21st September, the US Department of the Treasury announced “a set of actions focused on disrupting criminal networks and virtual currency exchanges” that are responsible for laundering ransom payments, as well as encouraging the private sector to make improvements in cybersecurity due to the major rise in cybercrime in the last couple of years.
“Ransomware and cyber-attacks are victimizing businesses large and small across America and are a direct threat to our economy. We will continue to crack down on malicious actors. As cybercriminals use increasingly sophisticated methods and technology, we are committed to using the full range of measures, to include sanctions and regulatory tools, to disrupt, deter, and prevent ransomware attacks.” (via US Treasury Secretary Janet L. Yellen)
The sanctions include the designation of Suex for aiding the money laundering activities of known threat actors. It has been stated that almost 40% of all transactions made on the Suex platform are associated with various threat actors and their illicit activities. As this statistic highlights, virtual currency exchanges such as Suex are very important for these ransomware gangs and other cybercrime groups to be profitable. Due to the extensive dependence on technology over the last 2 years, it comes as no surprise that cybercrime is thriving.
Implications of the sanctions
Now that Suex has been designated under the sanctions imposed by the US Treasury, all property and interests in property of Suex (the designated target) that are subject to United States jurisdiction are blocked. US citizens are also prohibited from engaging in any kind of transactions with Suex. In addition to this, any financial institution or other person engaging in transactions with the designated target will be subject to sanctions themselves or enforcement action.
It is understood that most of the activity that involves virtual currency is licit, but the fact is that virtual currency has been a major enabling factor for many threat actors. Virtual currency activity can facilitate ransomware or other cybercrime schemes, or even evasion of any sanctions that have been imposed.
In this case, Suex has been sanctioned because, unlike a lot of the crypto exchanges that are exploited by these malicious actors, Suex knowingly facilitated illicit transactions for its own profit. The US Treasury has stated that it will continue to use its authorities, with the help of other US agencies, to disrupt any such activity by other malicious cyber actors as well.
2020, often referred to as the year of ransomware, saw a meteoric rise in ransomware operations across the world, and that trend has continued in 2021. Cases such as the Colonial Pipeline incident and the Kaseya incident have really been a wake-up call to the United States.
The US Treasury has said that these sanctions are only a continuation of the monumental efforts by the United States, through the Biden Administration, to counter ransomware and other cybercrimes. These sanctions follow a whole host of activities to tackle cybercrime including the memorandum to improve cybersecurity and protect critical infrastructure and the establishment of collaborative initiatives between the government and private sector leaders in the US.