Treasury announced the moves amid a rise in ransomware attacks, in which cyber criminals demand payment — often in the form of digital currency — from their victims. The ransomware hack of the Colonial Pipeline in May led to the shutdown of one of the largest fuel delivery sources in the U.S. for nearly a week and caused supply disruptions along the East Coast. Colonial paid a ransom that was partially recovered by U.S. authorities.
“The majority of virtual currency exchanges are dealing in predominantly legal activity and have improved their compliance regimes over the last few years,” Treasury Deputy Secretary Wally Adeyemo said. “However, there is a subset of smaller nascent exchanges transacting a disproportionate amount of the illicit transactions flowing through the virtual currency ecosystem.”
Getting the Treasury Department involved is one of the Biden administration’s latest attempts to stymie the threat of ransomware gangs, especially as they continue to target U.S. infrastructure. Administration officials have met with business leaders to discuss ways to combat growing cyber threats, launched a whole-of-government ransomware-fighting strategy in July that includes weekly meetings to discuss ransomware threats, and looped in international partners to tackle the problem together.
But the Treasury Department’s move is the first that hits at the crux of the issue: “Criminals operate in the space because it’s profitable,” Anne Neuberger, the White House’s deputy national security adviser focused on cyber issues, told reporters.
Ransomware criminals have come to rely on Bitcoin and other digital currencies to have victims pay what could be upwards of millions of dollars to decrypt their files and prevent future leaks of stolen data from an attack. This reliance has prompted several cybersecurity experts to call either for tighter regulations on the use of cryptocurrency or for an outright ban on the use of crypto.
Ari Redbord, head of legal and government affairs at crypto forensics company TRM Labs and former senior adviser to the Treasury Department’s terrorism and financial intelligence unit, said Treasury’s actions show there’s a way for the government to put limits on the digital currencies without hurting everyday crypto users.
“This actually really shows the opposite: that law enforcement and regulators can go after the illicit actors who take advantage of crypto without sort of going after the technology itself,” said Redbord, who is also a former assistant U.S. attorney general.
The Suex cryptocurrency exchange is incorporated in the Czech Republic but operates in Russia. The company mostly communicated with its clients through encrypted chat app Telegram and only accepted new customers through referrals, according to TRM Labs.
Suex’s minimum acceptable transaction was about $10,000 — making it ripe for potential ransomware activity because most ransom demands are either in the thousands or millions of dollars. Suex is what TRM calls a “nested exchange,” meaning it used the infrastructure of a larger exchange to handle transactions.