Biden fights ransomware with crackdown on cryptocurrency payments


The Biden administration took action Tuesday to tackle the growing problem of ransomware attacks, expanding its use of sanctions to shut down digital payment systems that have allowed such criminal activity to flourish and threaten national security.

The Treasury Department said it was imposing sanctions on a virtual bureau de change called Suex, in the administration’s most pointed response to a plague that disrupted the United States’ fuel and meat supply this year when foreign hackers locked companies’ computer systems down and demanded large sums of money to free them.

The illicit financial transactions underlying the ransomware attacks took place with digital money known as cryptocurrencies, which the U.S. government is still figuring out how to regulate.

The Treasury Department said Suex facilitated transactions involving illegal products with at least eight episodes of ransomware. More than 40% of the exchange’s transactions were linked to criminal actors, the department said.

“Ransomware and cyber attacks victimize businesses large and small across America and pose a direct threat to our economy,” Treasury Secretary Janet L. Yellen said in a statement.

The department provided few details on Suex, declining to say where the company is based or what types of transactions it handles, although a Russian IT official confirmed on Tuesday that he was the founder.

Treasury officials have said that although some virtual currency exchanges are operated by criminals, Suex facilitates illegal activities for its own benefit.

Cybersecurity experts see exchanges as a weak spot for ransomware gangs that otherwise operate entirely in the internet ether, almost untouchable by law enforcement. But exchanges are a real-world interface used to cash out cryptocurrency, and they are public companies that are vulnerable to financial penalties.

Vasily Zhabykin, a graduate of a prestigious Russian university that trains diplomats, said by phone Tuesday that he founded Suex to develop software for the financial industry. He denied any illegal activity and said it was possible the Treasury Department had mistakenly targeted his business.

“I don’t understand how I got involved in this,” he said in a brief interview. Suex, which is registered in the Czech Republic, was mostly a failure and had only done half a dozen transactions since 2019, Zhabykin said, adding that he had three employees.

Russia is believed to be home to the most sophisticated ransomware groups, where they appear to operate with impunity. Other countries like Iran and North Korea are hosting the groups, according to cybersecurity experts.

Over the past decade or so, key technologies have come together in a toolkit for the ransomware industry: malware to jam victims’ computers, routers that anonymize communication, and digital currencies for payments.

A weak point, according to a ransomware study published in 2019 in The Journal of Cybersecurity, is exchanges: the companies that convert digital currency into cash, where criminals lurking in the digital world must eventually show up to get paid.

Many exchanges have sprung up in Russia in recent years, often leasing office space in Moscow’s financial district alongside banks. Russia has gone from an attempt to outright ban digital currencies to adopting regulations this year allowing ownership.

The Treasury Department’s action came three months after President Biden, meeting in Geneva with Russian President Vladimir V. Putin, demanded a crackdown on ransomware operators suspected of working from Russian territory. Mr. Putin made no promises. Prior to the meeting, an attack had destroyed Colonial Pipeline, which supplies much of the East Coast’s gasoline and jet fuel; another had entered JBS, a major US meat supplier.

The attacks appeared to subside for a few months, and a major ransomware operator, DarkSide, appeared to have closed its doors.

But at the end of the summer, the attacks started to increase again. Paul M. Abbate, deputy director of the FBI, specializing in cybercrime, told a conference last week that “there is no indication that the Russian government has taken any action to crack down on ransomware players operating in the permissive environment they have created there.”

He added that little action had been taken against people in Russia facing indictments in the United States.

Intelligence officials report the same, and they say they believe some Russian military and intelligence services are using ransomware operators to hide actions that can be carried out on behalf of the state, or at least with its consent.

An attack on another food supplier was playing out on Monday, even as the Treasury Department prepared its action. New Cooperative, an Iowa grain cooperative, said it was part of “critical infrastructure” and noted that BlackMatter, a relatively new ransomware group, had promised not to attack such groups. But in responses that appeared in screenshots on Twitter, BlackMatter said it does not view New Cooperative as critical infrastructure. The two were in an open dispute over the definition of the category.

“We don’t see any critical business areas,” the ransomware group responded.

BlackMatter asked for just under $6 million to decrypt the company’s files. This figure has declined dramatically over time.

The Treasury Department said that in 2020 ransomware payments exceeded $400 million, four times more than the previous year. The economic damage, it said, was much greater.

