Treasury Issues New Ransomware-Related Sanctions, Updates FinCEN Advisory
The U.S. announced new, coordinated sanctions this week against a virtual currency exchange for processing ransomware-related transactions, and designated several companies and people for supporting the exchange and “perpetuating” ransomware attacks in the U.S. The Treasury Department’s Financial Crimes Enforcement Network also updated its ransomware payment advisory, which includes new information on ransomware trends.
Sign up for a free preview to unlock the rest of this article
Timely, relevant coverage of court proceedings and agency rulings involving tariffs, classification, valuation, origin and antidumping and countervailing duties. Each day, Trade Law Daily subscribers receive a daily headline email, in-depth PDF edition and access to all relevant documents via our trade law source document library and website.
The sanctions target the virtual currency exchange Chatex and three companies that “set up infrastructure” for Chatex, Treasury said: Izibits OU, Chatextech SIA, and Hightrade Finance Ltd. Along with Treasury’s sanctions, the agency said Latvia “suspended’ the operations of Chatextech and fined the company for violating business conduct laws, while Estonia revoked the license of Izibits OU.
Treasury also sanctioned Yaroslav Vasinskyi of Ukraine and Yevgeniy Polyanin of Russia for participating in ransomware attacks against the U.S. by Sodinokibi/REvil, a transnational organized crime group. The U.S. also sanctioned Polyanin Evgenii Igorevich IP, a Russian business owned by Polyanin.
Sodinokibi/REvil has received more than $200 million in ransomware payments paid in Bitcoin and Monero, Treasury said. The State Department announced a reward of up to $10 million for information on the location of the group’s “key” leaders and a reward of up to $5 million for information that leads to the arrest or conviction in any country of someone working on a “Sodinokibi variant ransomware incident.”
The sanctions came about two months after Treasury sanctioned its first crypto exchange for facilitating ransomware payments (see 2109210031) and less than a month after Treasury Deputy Secretary Wally Adeyemo said more crypto and cyber-related sanctions are likely (see 2110220005).
FinCEN’s updated guidance identifies “new trends” in ransomware payments, including the “growing proliferation of anonymity-enhanced cryptocurrencies (AECs) and decentralized mixers.” The guidance also describes various extortion schemes used by cyber-criminals, how they form partnerships, recent examples of ransomware attacks, red flag indicators and more.