US Treasury sanctions cryptocurrency exchange SUEX
U.S. Treasury Secretary Janet Yellen answers questions during the Senate Appropriations Subcommittee hearing to examine the FY22 budget request for the Treasury Department on Capitol Hill in Washington, DC, June 23, 2021.
Pool Reuters Tuesday’s announcement by the U.S. Treasury Department that it would sanction a cryptocurrency exchange in response to its alleged involvement in cyberattack ransom laundering.| Pool | Reuters
The U.S. Treasury Department announced Tuesday it will sanction a cryptocurrency exchange for its alleged role in laundering ransoms for cyberattacks.
This is the first action taken against virtual currency exchanges. It comes following a series of cyberattacks that have crippled many industries and threatened U.S. government departments. According to the Treasury, ransomware payments reached more than $400 million for 2020. This is more than four times as much as in 2019.
Ransomware, a cyberattack in which hackers shut down key programs to demand payment (usually in bitcoin) to unlock the program.
Suex, a cryptocurrency exchange that allegedly facilitates ransomware-related financial transactions will be designated by the department’s Office of Foreign Assets Control.
Although most cryptocurrency activity is legal, bad actors can exploit the technology that facilitates these payments. Decentralized transactions in cryptocurrency can prove more difficult than traditional banking institutions to trace. Suex, according to the department, was involved in illegal activity for its own illicit gain.
Suex, according to the department “has facilitated transactions involving illicit proceeds of at least eight ransomware variations.” The department also stated that 40% of Suex’s transaction history was “associated with illegal actors”.
Suex will have to be more cautious when doing business with U.S. entities due to the new designation. U.S. citizens cannot transact with sanctioned entities, and any financial institution that participates in specific activities could face enforcement or sanctions.
Along with the Suex action, the department updated its guidelines for businesses regarding ransomware attack response. According to a press release the guidance encourages ransomware victims to contact law enforcement immediately and to fully cooperate.
U.S. entities may be subject to sanctions for making ransom payments to sanctioned actors, even though they are not aware of it, as in the case with ransom payment. The guidance states that OFAC will consider the cooperation of a company in order to determine its final consequences.
In order to mitigate damage, the government insists on its ability to keep track of cyberattacks. The value of such knowledge became clear last year through the attack on SolarWinds, which affected several government agencies. That assault came to light after another cybersecurity company, FireEye, reported a sophisticated attack on its own systems. Microsoft President Brad Smith told lawmakers that FireEye’s disclosure was critical to understanding the extent of the attack.
Since then, lawmakers have introduced a measure that would require government contractors and critical infrastructure companies to disclose cyberattacks, while granting them a limited safe harbor from legal action over those disclosures.
WATCH: The massive cyber attack that hit government agencies and Microsoft, explained: CNBC After Hours