On September 21, 2021, the U.S. Department of the Treasury (Treasury) Office of Foreign Asset Control (OFAC) imposed sanctions on a virtual currency exchange called Suex OTC, S.R.O. (Suex), and published an updated advisory on potential risks for those who facilitate ransomware payments. These coordinated actions represent significant moves by OFAC to target key aspects of the global ransomware ecosystem and to advance the U.S. government’s broader counter-ransomware strategy. By recommending strengthened cybersecurity measures and emphasizing reporting to law enforcement, OFAC’s updated advisory also reflects increasingly tighter collaboration among federal government agencies in their fight against the ransomware threat.
Ransomware attacks use malware, often injected through phishing schemes, to infect a victim’s computer system and to restrict the victim from accessing the system, stored data, or files by encrypting them. These attacks are typically followed by a ransom demand by the threat actor that offers the decryption key in exchange for payment. Threat actors usually demand payment in cryptocurrencies (like bitcoin); accordingly, victims often use third-party services to make such payments. Having received the ransom payment, threat actors may then use virtual currency exchanges — most of which are legitimate businesses that allow customers to trade cryptocurrencies for other assets (including other digital currencies and conventional fiat money) — in an effort to launder the stolen funds and obscure their digital tracks.
Confronted by numerous sophisticated and costly ransomware attacks, the Biden administration declared earlier this year that ransomware represents a national security threat. Recent attacks on the nation’s critical infrastructure, including attacks that temporarily shut down an important petroleum pipeline and disrupted a nationwide meatpacking company, underscored the growing nature of this threat. The global ransomware landscape has continued to evolve thanks to new partnerships among several notorious cybercriminal groups that reportedly share hacking techniques, breached information, and cutting-edge technology.
As a result of these significant developments, the Biden administration recently announced a counter-ransomware strategy that includes four lines of effort: (1) disruption of ransomware infrastructure, (2) international cooperation to hold countries that harbor ransom actors accountable, (3) expansion of cryptocurrency tracing analysis, and (4) review of the U.S. government’s policies and approaches to those who make ransomware payments.
OFAC’s September 21 actions signal that the Biden administration is taking steps to move along several of these lines of effort, specifically disruption of ransomware infrastructure, and clarification of the government’s approach to those who make ransomware payments. In addition, public reporting indicates that OFAC’s targeting of Suex, and its identification of the exchange’s close association with illicit activity, relied heavily on blockchain analysis — thereby reflecting the U.S. government’s commitment to increasing its awareness of the movement of digital currency across international borders.
Sidley Austin LLP provides this information as a service to clients and other friends for educational purposes only. It should not be construed or relied on as legal advice or to create a lawyer-client relationship.
Attorney Advertising - For purposes of compliance with New York State Bar rules, our headquarters are Sidley Austin LLP, 787 Seventh Avenue, New York, NY 10019, 212.839.5300; One South Dearborn, Chicago, IL 60603, 312.853.7000; and 1501 K Street, N.W., Washington, D.C. 20005, 202.736.8000.