The Treasury Department on Tuesday will impose sanctions on the virtual currency exchange SUEX OTC, S.R.O. after determining it has "facilitated transactions involving illicit proceeds" for at least eight ransomware variants, administration officials said.
The Treasury Department on Tuesday explained that some virtual currency exchanges have proven to be "a critical element" for ransomware, as virtually currency "is the principal means of facilitating ransomware payments and associated money-laundering activities."
Deputy Secretary of the Treasury Wally Adeyemo said the agency’s focus was part of the Biden administration’s whole-of-government effort to counter ransomware and cyber criminals, and would work to "destruct and deter these criminals by going after their financial enablers."
The Treasury Department’s Office of Foreign Assets Control’s designation of SUEX is the "first designation of a virtual currency exchange with complicity in criminal ransomware activity," Adeyemo said.
Officials said SUEX has facilitated transactions involving illicit proceeds for at least eight ransomware variants, with more than 40% of its known transaction history being associated with illicit actors.
The Treasury Department said virtual currency exchanges, like SUEX, are "critical to the profitability of ransomware attacks, which help fund additional cybercriminal activity."
"Treasury will continue to disrupt and hold accountable these entities to reduce the incentive for cybercriminals to conduct these attacks," the Treasury Department said, adding that the designation of SUEX was done in coordination with the FBI.
Ransomware attacks have been increasing in "scale, sophistication and frequency," and have victimized governments, individuals and private companies around the globe.
"Ransomware is a complex global challenge," Deputy National Security Adviser for Cyber and Emerging Technology Anne Neuberger said. "Criminals operate in space because it is profitable."
Neuberger said that, in 2020, ransomware payments reached over $400 million – more than four times their level in 2019.
"These payments represent just a fraction of the economic harm caused by cyber attacks," she said.
"Countering ransomware is a matter of national security," Neuberger added, noting that the Biden administration has a "comprehensive" and "focused" approach to the issue.
Neuberger said the administration’s strategy focuses on disrupting ransomware infrastructure and actors; promoting resilience by working with partners in the private sector; addressing vulnerabilities; addressing abuse of virtual currency to pay ransom; and leveraging international cooperation to disrupt the ecosystem.
Officials said the objectives of those seeking to weaponize technology for personal gain are "to disrupt our economy and damage the companies, families and individuals who depend on it for the livelihoods, savings and futures."
"Treasury will continue to use its authorities against malicious cyber actors in concert with other U.S. departments and agencies, as well as our foreign partners to disrupt financial nodes tied to ransomware payments and cyber attacks," the Treasury added, saying sanctions controls prevent individuals from "exploiting virtual currencies to undermine U.S. foreign policy and national security interests."
Adeyemo stressed that cyber attacks and ransomware are "a threat to national security and our economy," adding that the Treasury Department will work with the private sector to ensure they "take decisive actions to bolster their cyber defenses" – specifically for critical U.S. infrastructure.
Adeyemo noted that the private sector has "demonstrated" their commitment to cyber hygiene and coordination with federal law enforcement if an attack should occur, but said the administration does "not expect the private sector to solve the problem of ransomware and cyber attacks on its own."
He added that close cooperation and collaboration between the private sector and the government "can safeguard our economy and secure economic growth."
"The Treasury is committed to using all treasury tools to prevent, deter and disrupt these cyber criminals," Adeyemo said.
The Biden administration's effort to strengthen cyber defenses comes after a string of ransomware attacks earlier this summer, with foreign malign actors targeting pieces of U.S. critical infrastructure.
In June, a ransomware assault shut down the U.S.-based meat plants of the world’s largest meatpacker, Brazil-based JBS. The White House said the hack was likely carried out by a criminal group based in Russia.
The attack on JBS came just weeks after the largest U.S. fuel pipeline, the East Coast's Colonial Pipeline, was targeted by a criminal group originating in Russia.
Senior administration officials said the overall "optimal" approach is modernizing the national defense, federal government, state and local government and critical infrastructure, as well as the broader private sector so they are "modern enough to meet the threat."
President Biden, in July, signed a national security memorandum directing his administration to develop cybersecurity performance goals for critical infrastructure in the U.S. – entities like electricity utility companies, chemical plants and nuclear reactors.
The memo also formally established Biden's Cyber Security Initiative, a voluntary collaborative effort between the federal government and critical infrastructure entities to facilitate the deployment of technology and systems that provide threat visibility indicators and detections.