The U.S. Treasury Department has taken decisive action by sanctioning the Russian cryptocurrency exchange Suex. This move is in response to the exchange’s alleged involvement in facilitating and laundering transactions linked to at least eight variants of ransomware. The action aligns with governmental efforts aimed at reducing the financial efficacy of such cybercrimes, which have surged in recent years.
According to a press release from the Treasury, “Virtual currency exchanges like Suex play a crucial role in the profitability of ransomware operations, which fund further cybercriminal activities.” Analysis indicates that over 40% of Suex’s known transactions are associated with illicit actors. In sanctioning Suex under Executive Order 13694, the Treasury underscores its commitment to tackling the threat posed by criminal ransomware groups.
Blockchain analytics firm Chainalysis reports that Suex is legally registered in the Czech Republic and has operational offices in Moscow and St. Petersburg. The exchange has received over $481 million in Bitcoin through 25 deposit addresses since its inception in February 2018, with nearly $162 million coming from ransomware operators, including notorious groups such as Ryuk, Conti, and Maze, alongside cryptocurrency scams and darknet markets.
This action represents a pioneering effort to hold a virtual currency exchange accountable, coinciding with a recent uptick in devastating ransomware attacks that have compromised critical infrastructure and escalated into a significant economic and national security concern. Reports indicated that ransomware payments exceeded $400 million in 2020, marking a fourfold increase from the previous year, with virtual currencies becoming the primary medium for such transactions.
Ransomware is a type of malicious software designed to block access to computer systems or data, frequently through encryption methods, compelling victims to pay a ransom for decryption. Some attackers employ a tactic known as double extortion, threatening to publicly disclose sensitive information unless their demands are met. The Treasury emphasizes that these ransom payments are a mere fraction of the total economic damage inflicted by cyberattacks, revealing the motivations of individuals who exploit technology for profit.
Officials have noted that virtual currencies facilitate various illicit activities, including the evasion of sanctions, execution of ransomware schemes, and other financially motivated cyber crimes. In the case of Suex, it was specifically highlighted that the exchange facilitated illegal operations “for their own illicit gains.”
This sanctioning includes freezing all Suex’s assets within U.S. jurisdiction, meaning U.S. citizens are prohibited from transacting with sanctioned entities. Financial institutions that engage with Suex could also face sanctions and enforcement actions. The U.S. Office of Foreign Assets Control (OFAC) has released updated guidance on the risks associated with negotiating with ransomware actors, advising organizations to refrain from payment and to promptly report incidents to law enforcement.
Chainalysis further observes that disrupting cryptocurrency-based money laundering remains a critical strategy in combating cybercrime. If cybercriminals face barriers to transferring illicit cryptocurrency to safe services or cash, they have diminished reasons to engage with cryptocurrencies altogether. Such insights highlight the ongoing battle between authorities and offenders in the evolving landscape of cyber threats.
