The U.S. Treasury Department announced this week a series of actions aimed at disrupting malicious cyber groups behind ransomware attacks, while encouraging better cybersecurity in the private sector and extensive cooperation between government agencies and the various companies as part of the government's broader counter-ransomware strategy. The first action was imposition of sanctions on Russian cryptocurrency exchange SUEX.
According to the Treasury Department's statement, SUEX "has facilitated transactions involving illicit proceeds from at least eight ransomware variants. Analysis of known SUEX transactions shows that over 40% of SUEX’s known transaction history is associated with illicit actors." Under the sanctions, all property and interests in property in territories subject to U.S. jurisdiction are blocked, and both U.S. citizens and organizations are prohibited from engaging in transactions with the exchange.
"Ransomware and cyber-attacks are victimizing businesses large and small across America and are a direct threat to our economy," said Treasury Secretary Janet Yellen in the statement released on the department's website. "As cyber criminals use increasingly sophisticated methods and technology, we are committed to using the full range of measures, to include sanctions and regulatory tools, to disrupt, deter, and prevent ransomware attacks."
According to the statistics provided by the Treasury Department, ransomware payments worldwide reached over $400 million in 2020, more than four times their level in 2019, but the overall damage is much more extensive: disruption of the economy and of supply chains for products and various services; damage to critical infrastructure such as healthcare, energy and financial services; enormous payments for recovery of data by the companies that were hit; and disruption of the daily lives and security of citizens.
"Virtual currency exchanges such as SUEX are critical to the profitability of ransomware attacks, which help fund additional cybercriminal activity. Treasury will continue to disrupt and hold accountable these entities to reduce the incentive for cybercriminals to continue to conduct these attacks," the official statement said.