April 25, 2024

excellentpix

Unlimited Technology

US Sanctions Russian Cryptocurrency Exchange for Facilitating Ransomware Payments

To stop the ransomware scourge, the US is sanctioning a Russian cryptocurrency exchange that’s allegedly been helping the hackers convert their earnings into cash. 

The sanctions mean no US citizen or company can have business dealings with Moscow-based SUEX OTC, the US Treasury Department announced on Tuesday.  

The news represents the first time the US has sanctioned a cryptocurrency exchange for facilitating payments to ransomware hackers. In doing so, the Biden administration is hoping it can stop the attacks from being profitable. 

It also means victim companies hit with a ransomware attack could face penalties if they pay off the hackers through cryptocurrency addresses operating under the SUEX exchange. On Tuesday, the Treasury Department issued new guidance to “highlight the sanctions risks associated with ransomware payments.”

The Treasury Department isn’t tying the SUEX exchange to a specific ransomware strain. But it claims that over 40% of known transactions on the cryptocurrency exchange have been “associated with illicit actors.”

SUEX breakdown of illicit funding transactions.

Cryptocurrency tracking firm Chainalysis says it helped federal investigators examine SUEX, and estimates the Russian exchange received over $160 million in Bitcoin alone from ransomware hackers, scammers, and other actors on dark web internet marketplaces.

Ransomware groups that have allegedly used SUEX since the exchange began operating in 2018 include Ryuk, Conti, and Maze. “Chainalysis’ investigation reveals that the (SUEX) OTC is converting cryptocurrency into cash at physical branches located in Moscow and St. Petersburg, and possibly also at other offices outside of Russia as well,” the company added.

SUEX's offices in Russia according to Google Maps

A website seemingly for SUEX also notes the exchange accepts Visa and Mastercard. But under the sanctions, financial institutions that engage with SUEX could face US government penalties.

Chainalysis adds that a “very small group of illicit services” facilitates most of the money laundering for cryptocurrency-based crimes. “SUEX is one of the biggest and most active of those services. Shutting them down would represent a significant blow to many of the biggest cyber threat actors operating today,” the company said. 

The sanctions come as the Biden administration has been escalating its battle against ransomware groups, many of which are believed to be based in Russia, a country that generally refuses to crack down on hackers or extradite them to the US.

As a result, the hackers have been launching ransomware attacks on US companies, schools, and hospitals for years now, without fear of major consequences. But now the Biden administration is threatening to thwart a key cog in the ransomware supply chain. 

“Virtual currency exchanges such as SUEX are critical to the profitability of ransomware attacks, which help fund additional cybercriminal activity. Treasury will continue to disrupt and hold accountable these entities to reduce the incentive for cybercriminals to continue to conduct these attacks,” the Treasury Department said. 

The Treasury Department is also urging companies hit with a ransomware attack to contact federal authorities, such as the FBI. The same companies should also notify the Treasury Department if a ransomware payment is made. Otherwise, they risk facing penalties from federal authorities in the event a US sanction was violated in making the payment.

SUEX did not immediately respond to a request for comment.
