The US Treasury Department will sanction a cryptocurrency exchange for its alleged role in facilitating ransomware payments, marking the first time a digital currency platform has been sanctioned.
In an advisory, the department's Office of Foreign Assets Control (OFAC) says it will sanction virtual currency exchange Suex "for its part in facilitating financial transactions for ransomware actors, involving illicit proceeds from at least eight ransomware variants." Analysis of Suex history reveals more than 40% of its known transactions were associated with illicit actors.
Ransomware payments surpassed $400 million in 2020, more than four times the amount paid in 2019, US officials state in a release, though they estimate these payments represent "just a fraction" of the economic damage cyberattacks cause. In addition to the millions paid in ransom and recovery, disruption to critical sectors and exposure of sensitive data can cause damage.
"Some virtual currency exchanges are a critical element of this ecosystem, as virtual currency is the principal means of facilitating ransomware payments and associated money laundering activities," officials state. Exchanges such as Suex, they add, are critical to the profitability of ransomware attacks, which fund additional cybercrime.
While most virtual currency activity is legal, officials note, these currencies can be used for illicit activity via peer-to-peer exchangers, mixers, and exchanges. Some virtual currency platforms are exploited by criminals; some, like Suex, facilitate illegal activities for their own illicit gain.
Read the full OFAC advisory for more details.