US Treasury Targets Exchanges to Counter Ransomware Threat

Introduction

In an effort to counter the growing prevalence of ransomware attacks, the Biden administration has directed the US Department of the Treasury to target cryptocurrency exchanges that support cyber-crimes. 

There were numerous ransomware attacks in 2020 and 2021, targeting various enterprises inside and outside the United States. 

Many of the perpetrators of these attacks used cryptocurrency to facilitate the transfer of ransoms. The US government hopes that targeting these exchanges will undermine the infrastructure upon which cybercriminals rely. To date, one of the most notable targets of this crackdown has been Chatex, an Eastern European exchange. Here is what you need to know.

Treasure Goes After Ransomware

On November 8th, in what is being termed as a “Whole-of-Government-Effort”, the US Department of the Treasury announced that it would be targeting “ransomware actors and virtual currency exchanges that launder the proceeds of ransomware”. 

Recent high-profile cyberattacks have garnered extensive media attention, and the Biden Administration is throwing the whole of its weight behind efforts to curtail the problem.

The most notable of the recent crackdowns targeted Chatex, an Eastern European Crypto Exchange. The US Department of the Treasury alleges that this exchange receives half of its business from hackers and ransomware actors. Chatex is a multinational corporation with strong ties to Suex OTC, an exchange similarly sanctioned in September 2021. Chatex supports 14 currencies and has up to 350,000 registered members. In a separate action, the US Department of the Treasury sanctioned 30 wallets associated with Chatex.

Ransomware: What it Is and How It Works

Ransomware is a form of cyberattack perpetrated by malicious actors (hackers, criminal organizations, and/or leper-states) aimed at extracting money (eg. a ransom) from a company, government entity, or individual. 

While most ransomware attacks target private individuals, the most profitable ones target large enterprises. A typical ransomware attack will follow these steps:

  1. Usually a program is introduced through a phishing email. This strategy is most effective prior to a public holiday when employees are distracted and let their guard down.
  2. This program will grant hackers access to company edge servers or data storage facilities. This program does not act immediately to activate a virus and therefore often goes undetected by antivirus software.
  3. Once deeply entrenched within a target’s IT or OT infrastructure, the attackers take one of several actions — they threaten to delete or destroy important data, threaten to release sensitive data (such as confidential medical records) to the public, or threaten to take actions that cause costly halts in production (shutting off production line machines, cancelling orders).
  4. They will then issue a ransom blackmailing the target company in exchange for cryptocurrency transferred through an unscrupulous or careless exchange. In this case, allegedly Chatex or Suex OTC.

Such attacks are growing in popularity and severity, and are arguably facilitated by cryptocurrency exchanges. Indeed, in 2020 there were a ridiculous 304 million ransomware attacks globally. Likewise, an estimated 68% percent of companies were affected in some way. 

As such, the Biden administration hopes that other countries will follow the US lead in tackling ransomware activity. Accordingly, they have added Chantex (and Suex OTC) to a list of Specially Designated Nationals alongside myriad terrorists and narcotics traffickers. At present, the CEO of Suex OTC, Egor Petukhovsky is pursuing legal action against the US to protect his name.

Analysis

A spokesperson from the US Department of Treasury stated that the crackdown on Chatex is merely the follow-up of the earlier crackdown on Suex OTC. When compared to countries like China, which have banned entire cryptocurrencies, it’s a good example of a surgical approach to tackling the use of crypto in cybercrimes. Indeed, it is a better approach than banning all crypto and throwing the baby out with the bathwater.

Likewise, the decision to target individual exchanges demonstrates the wider acceptance of bitcoin and other cryptocurrencies by the US federal government. It sends a clear message — we accept that bitcoin is here to stay, but we will punish you if you help criminals use it for illegal activities.

Conclusion

Before the emergence of cryptocurrency, ransoms were paid in dirty small bills, left in paper bags, behind dumpsters, in bad parts of town. Of course, it would be ridiculous to even consider banning the dollar bill. Such an action would be pointless, and we should instead target the bookie, the gangster, and the money launderer. The same applies to crypto.

The technology that powers Bitcoin is here to stay and is inherently neutral. Its use — for good or ill — depends on the user. 

As blockchain analytics and regulations mature, so does our ability to not only react to money laundering and terrorism funding (ML/TF), the two grave ills that regulators are most worried about will proliferate in step with cryptocurrencies’ mass adoption, but to curtail them. Crypto transactions are not anonymous and can be traced, and real-time sanction screening, Travel Rule information transfers, and KYC checks by the likes of Sygna and our strategic partners Elliptic, Chainalysis, ComplyAdvantage, and CipherTrace, and the rest of a new generation of companies facilitating proactive real-time compliance requirements and defenses to deter and chase away bad actors, are only going to continue getting better. As the industry moves to seamless compliance across crypto onramps and offramps, the spoils of ransomware will continue to be diminished with nowhere to eventually convert them.

Mastercard Partners With Bakkt To Bring Crypto Mainstream

FTX Publishes 10 Key Principles for Market Regulation of Crypto Exchanges