SUEX sanctioned by the US due to the involvement in criminal attacks

by Ugnius Kiguolis - - 2021-09-22

Russian cryptocurrency exchange linked to ransomware gangs and money laundering transactions sanctioned by the U.S Treasury Department

SEUX sanctioned to stop ransomware Ransomware effects on economics and harm caused by cyber-attacks encouraged Treasury Department to take action against ransomware.

According to the officials,^[1] the first-ever sanctioning on a cryptocurrency exchange is extremely important because SUEX is related to at least eight ransomware variants.^[2] The official announcement listed all the possible roles of the exchange in laundering ransom payments from cyberattacks linked to ransomware like Maze, Conti, Ryuk,^[3] and many more. These actions are taken to counter ransomware-related operations:

Treasury’s actions today advance the United States government’s broader counter-ransomware strategy, which emphasizes the need for a collaborative approach to counter ransomware attacks, including partnership between the public and private sector and close relationships with international partners.

According to many reports,^[4] these threat actors gained significant profits. Since the launch of SUEX in 2018, the platform received at least $481 million in Bitcoin cryptocurrency alone. Those include:

$13 million from ransomware operators;
$24 million from scam operations related to cryptocurrency;
$20 million from darknet markets like Hydra Market.

Proven links to Russia and known ransomware developers

The cryptocurrency exchange was legally registered in February 2018 in the Czech Republic, but there is no evidence of its physical presence. Instead, the analysis on operations shows links to offices in Moscow, St. Petersburg, and other Russian and Middle Eastern locations. Transactions made using the change are linked to illicit actors. More than 50% of those processes are related to scammers, attackers, ransomware gangs. Addresses associated with the platform are also indicated^[5] as significant money laundering facilitators.

SUEX claims to offer the cryptocurrency holding conversion into cash. Even offers cryptocurrency exchange into physical assets like real estate or valuable things like cars or boats. Many of the services this exchange uses are not legitimate and can be exploited for laundering and scamming techniques.

Tens of millions out of those transactions show the relation to addresses linked to cybercrime and threat actors. The exchange uses Ether, Tether, and other cryptocurrencies, but the main is Bitcoin. This crypto is more common for ransomware actors since demands are mainly asked in this form.

Suex received over $50 million worth of cryptocurrency from addresses associated with BTC-e, an illicit cryptocurrency exchange shut down by authorities in 2017 for facilitating large-scale money laundering on behalf of cybercriminals.

Actions were taken to disrupt and prevent ransomware attacks

These transactions only show the severity of the economic harm these cybercriminals cause with their attacks on organizations and people.^[6] Ransomware is the infection that blocks access to the computer system or the whole network and encrypts data to have the reason for a ransom demand. Those payments from victims are processed via the exchange platform, and victims should receive the file recovery software. However, those are very rare cases.

Ransomware attacks increase because attackers get more sophisticated, active, and frequent with their attacks. Infections affect governments, individual users, and private companies in various parts of the world. When compared last two years in the ransomware world, in 2020, these payments reached the $400 million mark, which is four times more than the number in 2019. Government and law enforcement institutions want to disrupt these activities and stop malicious actors.

These sanctions mean that all property and interests get blocked, persons are prohibited from initiating transactions with the company. Entities and people engaging with the sanctioned target expose themselves to these sanctions and can be subject to law enforcement actions. Even though these actions are not related to any major ransomware gang, there are some major groups that might suffer from these actions.

About the author

Ugnius Kiguolis - The mastermind

Ugnius Kiguolis is a professional malware analyst who is also the founder and the owner of 2-Spyware. At the moment, he takes over as Editor-in-chief.

Contact Ugnius Kiguolis
About the company Esolutions

References

^ Treasury Takes Robust Actions to Counter Ransomware. Treasury. Government official site.
^ Ties to ransomware offenders leads to US sanctions for SUEX. Dailysabah. News on politics, business and news.
^ Jake Doevan. Ryuk ransomware is large-scale malware that chooses its targets carefully. 2-spyware. Virus removal guides and news.
^ OFAC Sanctions Russian Cryptocurrency OTC Suex that Received Over $160 million from Ransomware. Chainalysis. Insights on cybersecurity.
^ Laura Shin. The Rogue 100: How Cryptocurrency Criminals Cash Out. Unchained. Podcast.
^ Lucas Manfredi. $5.9M ransomware attack on major agriculture group poses risk to US grain, pork, chicken supply. Foxbusiness. Cyber security news.