US sanctions crypto exchanges and wallets used by ransomware
The Biden administration is expected to impose sanctions on crypto exchanges, wallets, and traders used by ransomware gangs to convert ransom payments into fiat currency.
With the escalation of ransomware attacks against U.S. interests and infrastructure over the past two years, the White House has stepped up its efforts to disrupt ransomware operations.
According to a Wall Street Journal report, the United States is expected to sanction crypto exchanges, wallets and individuals who help ransomware gangs convert cryptocurrency next week.
Since cryptocurrency is a mandatory component of ransomware operations, the Biden administration hopes to disrupt this payment method and associated attacks with penalties.
When ransomware gangs attack organizations, they demand millions of dollars in cryptocurrency to receive a decryptor and prevent the disclosure of stolen data.
Almost all ransomware operations require Bitcoin or Monero for ransom payments. However, virtually all ransom payments are made in Bitcoin, as Monero is considered a privacy coin and is not offered for sale by almost all US crypto exchanges.
After being paid, the ransomware gangs must ultimately cash the crypto into fiat currency, such as the US dollar or local currency.
Cryptocurrency is first transferred through mixers to make the coins less traceable, and then converted using crypto exchanges or their employees.
By sanctioning crypto exchanges known to be used by ransomware players, the government hopes to disrupt this economy and make it much harder for ransomware gangs to function.
“Action like this would be an aggressive and proactive approach to tackle those who facilitate ransomware payments,” Ari Redbord, a former senior Treasury security official, told The Wall Street Journal of the expected sanctions. .
The expected sanctions are not the first the US government has imposed on threat actors associated with ransomware gangs.
In 2019, the United States indicted members of Evil Corp for stealing more than $ 100 million and added members of the cybercrime group to the Office of Foreign Assets Control (OFAC) sanctions list.
This group is associated with several ransomware families, including WastedLocker, Hades, Phoenix CryptoLocker, and PayLoadBin.
The US Treasury subsequently warned that ransomware negotiators could face civil penalties for facilitating ransomware payments to ransomware gangs on the sanctions list.