Suex to be you: Feds sanction cryptocurrency exchange for handling payments from 8+ ransomware variants

Russia-based biz targeted in Uncle Sam's crack down on cyber-extortion

The US Treasury on Tuesday sanctioned virtual cryptocurrency exchange Suex OTC for handling financial transactions for ransomware operators, an intervention that's part of a broad US government effort to disrupt online extortion and related cyber-crime.

Suex is registered in the Czech Republic but operates out of offices in Russia. According to the US Treasury, more than 40 per cent of the firm's known transaction history involves illicit entities, and it handled payments from at least eight ransomware variants.

Crypto-coin forensics outfit Chainalysis claims Suex has received more than $160m in Bitcoin since 2018 from ransomware and other illicit operations. As such, the Treasury Department has determined that the firm provides material support to cybercriminals and has added Suex to its Office of Foreign Assets Control (OFAC) designated entities list.

Consequently, the firm's US assets have been frozen and companies and persons doing business in the US are prohibited from transacting with it.

"Ransomware and cyber-attacks are victimizing businesses large and small across America and are a direct threat to our economy," said Treasury Secretary Janet L. Yellen in a statement. "We will continue to crack down on malicious actors."

The US Treasury Department says that in 2020, ransomware payments surpassed $400m, more than four times the total in 2019. And this year, two major ransomware incidents affecting Colonial Pipeline and JBS Foods, not to mention the Kaseya and Microsoft Exchange compromises, made it clear something has to be done to respond to threats affecting critical infrastructure.

Confronted with the ransomware surge, the Biden administration has tried to push back. In March, Alejandro Mayorkas, Secretary of Homeland Security, announced plans to deal with the increase in ransomware. In April, the Justice Department assembled its Ransomware and Digital Extortion Task Force and the industry-driven Institute for Security and Technology's Ransomware Task Force published a report for policy makers with four dozen recommendations.

In May, the Biden administration signed an executive order to protect US critical infrastructure and in June it issued a National Security Memorandum expanding cyber defense efforts.

The EU took a similar step with the July launch of "No More Ransom," an initiative undertaken by Europol’s European Cybercrime Centre, the National High Tech Crime Unit of the Netherlands’ police and McAfee to help ransomware victims decrypt maliciously encrypted files so no ransom need be paid.

Ransomware reports and policies argue for cooperating and sharing resources like decryption keys, but that doesn't always happen. The FBI this summer reportedly withheld a decryption key that could have undone a July ransomware attack against Kaseya and could potentially have saved affected firms millions in ransom payments.

According to the Washington Post, the FBI withheld the key for three weeks while it planned a counter-strike on REvil, the Russia-based ransomware gang said to have been behind the Kaseya attack. But the FBI operation never occurred because REvil's ransomware infrastructure went offline and the group went dark in mid-July before the Feds took action.

The Register asked the FBI to comment and the agency declined.

We also asked the US Treasury Department whether it has a policy on whether decryption keys should be shared with potential victims if those keys are available. ®
