Treasury bolsters government strategy to address ransomware threat

The Biden administration’s efforts to counter the growing threat of ransomware – malware that aims to prevent victims from accessing their data until they pay the perpetrators – have been bolstered by the US Department of the Treasury. 

On September 21, Treasury announced the actions it would take to disrupt “criminal networks and virtual currency exchanges responsible for laundering ransoms”. 

Treasury Secretary Janet Yellen said: 

Ransomware and cyber-attacks are victimizing businesses large and small across America and are a direct threat to our economy. We will continue to crack down on malicious actors. As cyber criminals use increasingly sophisticated methods and technology, we are committed to using the full range of measures, to include sanctions and regulatory tools, to disrupt, deter, and prevent ransomware attacks. 

In 2020, ransomware payments reached over $400 million – over four times more than in the previous year. Most payments were facilitated by virtual currency exchanges. 

OFAC sanctions SUEX 

The first actions under the new regime include Treasury’s OFAC (Office of Foreign Assets Control) adding the Russian virtual currency exchange SUEX to its Specially Designated Nationals list, thereby “generally” banning American citizens from engaging in transactions with SUEX. 

SUEX is known to have processed transactions related to at least eight ransomware variants, and analysis shows that over 40% of SUEX’s known transactions have been associated with illicit activity. 

This is the first time the Department has sanctioned a cryptocurrency exchange for facilitating ransomware payments. 

OFAC also released an Updated Advisory on Potential Sanctions Risks for Facilitating Ransomware Payments, which emphasizes the government’s opposition to paying ransom and extortion demands, and recognition of the importance of good cybersecurity practices in defending against and responding to ransomware attacks. 

The impact of these sanctions should be clear: in preventing SUEX from accessing the US dollar, OFAC has sent a clear warning to all banks and exchanges that it will be doing more to curb money laundering. 

However, whether this is enough to curb the increase in ransomware attacks themselves remains to be seen. There are now thousands of cryptocurrencies and exchanges around the world, and many remaining opportunities for criminals to launder their ransom payments. 

Organizations are, therefore, still better off implementing appropriate security measures to reduce the risk of falling victim, and preparing response plans in case they do fall victim. 

What to do when you fall victim to ransomware 

If you fall victim to a ransomware attack, responding quickly and efficiently is paramount. 

IT Governance USA’s Incident Response Management Foundation Training Course teaches you what you need to do. 

It provides introduction to developing a cyber incident response program, so you can take appropriate steps to limit the damage to your business, reputation, and brand