.svg)
The US Department of the Treasury, in a coordinated effort with international partners, has launched significant actions aimed at disrupting Russian cybercrime networks and illicit virtual currency exchanges.
The Treasury’s Financial Crimes Enforcement Network (FinCEN) has issued an order identifying PM2BTC, a Russian virtual currency exchanger linked to alleged money launderer Sergey Sergeevich Ivanov, as a primary money laundering concern tied to Russian illicit finance.
Simultaneously, the Office of Foreign Assets Control (OFAC) has imposed sanctions on Ivanov and Cryptex, a virtual currency exchange operating in Russia, for facilitating large-scale ransomware and cybercrime transactions.
“The United States and our international partners remain resolute in our commitment to prevent cybercrime facilitators like PM2BTC and Cryptex from operating with impunity,” said Bradley T. Smith, acting undersecretary for terrorism and financial intelligence at the Treasury.
“Treasury, in close coordination with our allies and partners, will continue to use all tools and authorities to disrupt the networks that seek to leverage the virtual assets ecosystem to facilitate their illicit activities.”
This crackdown is a continuation of the US government’s strategy to isolate Russia-based cybercriminals, which has previously seen actions taken against illicit groups such as the Cyber Army of Russia Reborn and the LockBit ransomware group.
The authority’s latest sanctions serve as a warning to financial institutions and individuals that any involvement with Russian cybercriminals could result in severe penalties.
International work
The actions taken by FinCEN and OFAC are part of a broader multinational initiative involving the US Secret Service, the Netherlands Police and the Dutch Fiscal Intelligence and Investigation Service (FIOD).
Together, these agencies have seized web domains and infrastructure associated with PM2BTC and other illicit services in an effort to cut off the flow of funds to Russian cybercriminals.
“PM2BTC, a CVC [convertible virtual currency] exchanger offering CVC and fiat currency exchange services with significant ties to, and connections with, Russia, is of primary money laundering concern in connection with Russian illicit finance through its facilitation of funds transfers by illicit actors and association with a wide array of illicit activities, including fraud schemes, sanctions evasion, ransomware attacks, and child abuse,” the FinCEN order says.
FinCEN’s investigation revealed that PM2BTC facilitated large volumes of illicit transactions, often obscuring the origin of the funds to evade detection.
According to the US Treasury, almost half of PM2BTC's activity is linked to money laundering, placing it among the worst offenders in the global virtual asset landscape.
FinCEN said the “risks presented by PM2BTC associations with illicit actors and comparative high volume of transactional activity linked to suspected illicit activity are compounded by PM2BTC’s lax KYC [know-your-customer] and AML [anti-money laundering] policies and procedures, as well as recent technical changes that have the effect of obscuring PM2BTC’s involvement in transactions”.
Meanwhile, Cryptex, registered on the Caribbean island of St. Vincent and the Grenadines, has handled more than $720m in transactions with ties to Russia-based cybercriminals.
OFAC designated Cryptex under multiple executive orders for its role in financing ransomware attacks and serving as a financial hub for Russian cybercriminal networks.
The US government is also offering a reward of up to $10m for information leading to the arrest of Ivanov.
In addition, an indictment against Ivanov and another Russian national, Timur Shakhmametov, has been unsealed, further intensifying the international effort to dismantle Russian cybercrime operations.
