U.S. Continues Crackdown Against Ransomware In Whole-Of-Government Effort

November 10, 2021

  • Treasury sanctions second virtual currency exchange
  • FinCEN updates ransomware advisory
  • OFAC, DOJ take action against individuals in coordinated effort

In a coordinated multi-agency effort, the U.S. Treasury and the Department of Justice (DOJ) have taken a series of actions against ransomware groups, including the designation of a virtual currency exchange network, the seizure of $6.1m paid in ransom, and the release of an updated ransomware advisory for financial institutions.

Just a few months after the first-ever designation of a virtual currency exchange, the Treasury’s Office of Foreign Assets Control (OFAC) has again sanctioned a digital asset platform on suspicion that the company facilitated transactions for multiple ransomware variants.

The Treasury found that virtual currency exchange Chatex had direct ties with SUEX currency exchange, which was sanctioned earlier in September for facilitating the movement of illicit ransom payments.

According to the analysis by the U.S. agency, more than half of the known transactions of Chatex are directly traced to illicit or high-risk activities, such as darknet markets, high-risk exchanges, and ransomware.

The Treasury recognizes that most virtual currency activity is “licit,” but that virtual currency remains the primary mechanism for ransomware payments, and certain virtual currency exchanges are a significant piece of the ransomware ecosystem.

Hence, “the United States urges the international community to effectively implement international standards on anti-money laundering/countering the financing of terrorism (AML/CFT) in the virtual currency area, particularly regarding virtual currency exchanges,” the Treasury said in a press release.

In coordination with the OFAC action, the Financial Crimes Enforcement Network (FinCEN) has announced an update to its 2020 advisory on ransomware and the use of the financial system to facilitate ransom payments.

The document identifies financial red flags that are indicators of ransomware-related illicit activity. It aims to assist financial institutions, including virtual currency service providers, in identifying and reporting suspicious transactions associated with ransomware payments in line with the Bank Secrecy Act.

Actions against individuals

At the same time, the OFAC and the DOJ have both announced actions against two foreign individuals involved in ransom attacks against businesses and government entities in the United States.

According to the indictments filed by the DOJ, Ukrainian national Yaroslav Vasinskyi carried out ransomware attacks against multiple victims, while Russian national Yevgeniy Polyanin also deployed ransomware on the computers of multiple victims, including businesses and government entities in Texas in August 2019.

Both individuals are members of the REvil group, and are suspected to be involved in the July attack against Kaseya, the IT solutions developer for managed service providers, which affected around 800 to 1,500 small and medium-sized companies.

The agencies estimate that REvil, which offers a ransomware-as-a-service business, has collected at least $200m in ransom payments in Bitcoin and Monero throughout the years.

The department has now announced the arrest of Vasinskyi and the seizure of $6.1m in ransom proceeds from Polyanin. The latter is believed to be involved in 3,000 ransomware attacks resulting in total extortions of $13m.

In parallel to the DOJ action, the OFAC also imposed sanctions against the two actors, blocking all of their property and interests, and prohibiting U.S. persons from engaging in transactions with them.

Overseas cooperation

European authorities played an important part in both actions. The police in Poland and Ukraine helped to take Vasinskyi into custody, while Latvian and Estonian authorities helped the OFAC identify the activities of the designated entities.

“I’m grateful to all our federal partners, and our many foreign partners, especially Poland, Romania, Ukraine, France and Germany,” FBI director Christopher Wray said.

“The cyber threat is daunting — but when we combine the right people, the right tools, and the right authorities, our adversaries are no match for what we can accomplish together,” he added.

The fight against ransomware has been a vital piece of the U.S. regulatory agenda since the attack on the Colonial Pipeline in early May. Shortly afterward, President Joe Biden issued an executive order to facilitate information sharing between private and public entities and to modernize cybersecurity within the federal government.

In October, the DOJ launched two initiatives to tackle investigations into criminal misuses of cryptocurrency and to uncover cybersecurity-related fraud by government contractors and grant recipients.

Later on, in a joint government effort, FinCEN issued a report, revealing that the United States had already paid $590m in ransom in the first half of 2021, growing from $416m in the entirety of 2020, while the OFAC published sanctions compliance guidance for virtual currency businesses.
