The White House has imposed sanctions against SUEX, a virtual currency exchange that enables users to trade cryptocurrency or other digital currencies. CBS News reports that these measures were introduced because of Czech Republic-based SUEX’s role in facilitating financial transactions for ransomware actors.
The move was spearheaded by the U.S. Treasury Department’s Office of Foreign Assets Controls (OFAC) and the sanctions take the form of new commercial and financial penalties, with the objective of punishing the SUEX platform.
A quote from the U.S. government states: “for its part in facilitating financial transactions for ransomware actors, involving illicit proceeds from at least eight ransomware variants” (attributed to Deputy Treasury Secretary Wally Adeyemo).
This statement marks the first time OFAC has punished a virtual exchange for complicity in criminal ransomware activity. An analysis of known SUEX activity has shown that over 40 percent of transactions were associated with illicit actors, the Department of Treasury says (as reported by Bankless Times).
Nick Tausek, Security Solutions Architect at Swimlane has provided analysis for Digital Journal on this important issue.
Tausek says that it is the right time for the U.S. government to act and that probably action should have been instigated earlier. Tausek states: “Given the dramatic spike of ransomware and supply chain attacks affecting the United States this year, the lack of serious response from the federal government is no longer appropriate or acceptable.”
He adds that: “Imposing sanctions against SUEX is a good small first step in beginning to fight back against ransomware groups. The goal is to disrupt the financial supply chain of these cybercriminals without the entire crypto economy being overly disrupted.”
Furthermore, Tausek advises (somewhat boldly): “In order for the Biden administration to more effectively combat ransomware and other cyberattacks, they should consider imposing sanctions against nations known to be fostering an environment of cybercrime, such as Russia, next.”
For Tausek: “This could encourage regulatory action where many of these attacks are rooted and show that the U.S. is leaning more on accountability than before.”
He also recommends: “The federal government should consider further collaboration with crypto exchanges to establish and bolster a standardized set of best practices for avoiding the facilitation of ransomware, as well as providing guidance on the benefits for complying and how to do so.”
