The US Treasury Department’s Office of Foreign Assets Control (OFAC) is planning to sanction Suex, a crypto exchange that lets users buy and sell cryptos using regular credit cards. Per the agency, the exchange has been helping ransomware attackers launder their loot. A report unveiled this news on September 21, noting that this would be the first time that a crypto exchange is sanctioned.
According to OFAC, as much as 40% of Suex’s transaction volume comprises illicit transactions. The agency added that the exchange completed transactions involving illegal proceeds from at least eight ransomware attacks. OFAC further noted that the exchange has knowingly been aiding malicious actors to make profits.
By sanctioning Suex, OFAC will make it hard for the exchange to conduct any business with US firms or citizens. This is because the US has banned citizens and organizations from completing transactions through sanctioned firms. The penalty for such an offense might involve facing sanctions or even enforcement actions.
Victims of ransomware attacks should not pay ransoms
Apart from designating Suex, the agency also specified its guidance for how businesses should respond to ransomware attacks. The guidance urges victims and related firms to report such incidents and cooperate with law enforcement as soon as possible. OFAC also discourages victims from paying ransoms.
Explaining why people and businesses should not pay ransoms, OFAC said such a move could attract penalties, seeing as the victims would be dealing with a sanctioned organization. Nonetheless, the agency said it would consider a firm’s cooperation over a ransomware attack before determining the consequences it should face for paying the demanded ransom.
The agency also warned firms that facilitate ransomware payments on behalf of victims, saying,
“Companies that facilitate ransomware payments to cyber actors on behalf of victims, including financial institutions, cyber insurance firms, and companies involved in digital forensics and incident response, not only encourage future ransomware payment demands but also may risk violating OFAC regulations.”
Ransomware attacks continue to grow more prevalent
Ransomware attacks have been on a steady rise, with attackers making away with $400 million in 2020. In comparison, ransomware attacks in 2019 were worth approximately $100 million. While the agency admits that a large percentage of crypto activity is legal, it pointed out that bad actors can exploit weaknesses in the underlying blockchain technology. Additionally, OFAC said it is harder to trace crypto transactions due to the decentralized nature of the blockchain.
The most significant ransomware attack in the US came in May, when Darkside, a notorious hacker group, hacked Colonial Pipeline and demanded 75 BTC as ransom. The attack compromised the company’s billing system, forcing it to shut down operations. However, the firm paid the requested ransom with the assistance of the FBI and resumed operations a week later.
A month later, the FBI retrieved $2.3 million of the paid ransom after leveraging a weak password to Darkside’s wallet. Following this attack, a report disclosed that the US government intends to offer bounties of up to $10 million to stop ransomware attacks. Per the report, the White House also formed a task force for tracking the movement of funds obtained from such illicit activities.