• B Vrettos and M Bacina

Ransomware on the run? Russian digital currency exchange tracked and sanctioned for enabling crime


Over the Counter digital currency exchange, Suex, has the dubious honour of being the first of its kind to be sanctioned by the US Department of the Treasury's Office of Foreign Assets Control (OFAC) for reportedly facilitated the transactions for at least 8 different ransomware variants. Near 40% of the known transaction history for Suex is tied with illicit actors. Consequently, the sanction brands Suex as an exchange that provides "material support to the threat posed by ransomware actors". The designation effectively stops any US businesses dealing with Suex.


OFAC says that the designation itself has a variety of impacts for those that associate with Suex:-

  1. All property and interests in property of Suex that are subject to the US jurisdiction are blocked;

  2. US persons are generally prohibited from engaging in transactions with Suex;

  3. Any entities that are 50% or more owned by Suex will also be blocked; and

  4. Financial institutions and other entities that interact with Suex may be open to sanctions or enforcement action.

Chainalysis reportedly assisted OFAC to identify the illicit Suex wallet addresses which showed over $13 million in Bitcoin transactions directly tied to past ransomware attacks. This is a chip in the trunk of the OFAC's estimation of ransomware payments in 2020 totaling $400 million which quadrupled from the previous year.


OFAC's concern derives from this undeniable increase in ransomware's

scale, sophistication, and frequency, victimizing governments, individuals, and private companies around the world.

These attacks are occurring on critical sectors including healthcare, financial services and energy which are increasingly disruptive to day to day lives. A quick look back at the Colonial Pipeline ransomware attack can demonstrate the expansive impacts of such an attack. And all of the reported cases just scratch the surface.


These sanctions provide a proactive way for regulators to cut off the payment rails for ransomware attacks. It also follows that the sanctions are a robust incentive for digital currency exchanges to ensure their AML/CTF practices are in order to prevent illicit funds passing through their channels. In tandem OFAC has provided updated guidance on the sanction risks associated with ransomware payments and mitigating factors it will consider. Specifically this includes implementing a risk based compliance program and adopting practices recommended by the Cyber and Infrastructure Security Agency.


This appears to be the OFAC's call to action to review internal procedures in line with best practice guidelines as it continues its whole of government effort to counter ransomware. This step once again demonstrates just how easily traceable digital currency transactions are, and may help dissuade would be ransomware operators from using digital currencies for their demands. Despite these moves, businesses need to be vigilant and ensure their security perimeter is as defensible as possible as prevention is far better than any cure.