US combats ransomware attacks with crackdown on virtual currency exchange

WASHINGTON (NYTIMES) - The Biden administration took action on Tuesday (Sept 22) to crack down on the growing problem of ransomware attacks, expanding its use of sanctions to cut off digital payment systems that have allowed such criminal activity to flourish and threaten national security.

The Treasury Department said it was imposing sanctions on a virtual currency exchange called Suex, in the administration's most pointed response to a scourge that has disrupted US fuel and meat supplies this year, when foreign hackers locked down corporate computer systems and demanded large sums of money to free them.

The illicit financial transactions underpinning ransomware attacks have been taking place with digital money known as cryptocurrencies, which the US government is still determining how to regulate.

The Treasury Department said Suex had facilitated transactions involving illegal proceeds from at least eight ransomware episodes. More than 40 per cent of the exchange's transactions had been linked to criminal actors, the department said.

"Ransomware and cyberattacks are victimising businesses large and small across America and are a direct threat to our economy," Treasury Secretary Janet Yellen said in a statement.

The department offered few details about Suex, declining to say where the company was based or what kinds of transactions it dealt with, though a Russian computer executive confirmed on Tuesday that he was the founder.

Treasury officials did say that while some virtual currency exchanges are exploited by criminals, Suex was facilitating illegal activities for its own gain.

Cybersecurity experts see exchanges as a weak point for ransomware gangs that otherwise operate wholly in the ether of the internet, all but untouchable by law enforcement. But the exchanges are an interface with the real world, used to cash out cryptocurrency, and they are public-facing companies that are vulnerable to financial sanctions.

The Treasury Department's action came three months after US President Joe Biden, meeting in Geneva with President Vladimir Putin of Russia, demanded a crackdown on ransomware operators suspected of working from Russian territory.

Putin made no promises. Before the meeting, one attack had taken out Colonial Pipeline, which provides much of the East Coast's gasoline and jet fuel; another had penetrated JBS, a major US meat supplier.
