On November 8, 2021, the US Department of the Treasury announced a coordinated action taken by the Office of Foreign Assets Control and the Financial Crimes Enforcement Network (FinCEN) in an effort to increase ransomware awareness and disrupt the criminal actors and virtual currency exchanges that launder ransomware proceeds.
OFAC designated seven parties for their roles in ransomware-related events, including virtual currency exchange Chatex for facilitating financial transactions for ransomware actors associated with a number of ransomware variants. According to OFAC, Chatex has direct ties with SUEX OTC, SRO, a virtual currency exchange that was sanctioned in September 2021, and reportedly conducted transactions using Suex’s nested exchange functions. Chatex was designated pursuant to Executive Order 13694, as amended, for engaging in criminal ransomware and providing material support to Suex. OFAC also designated three entities that were responsible for setting up Chatex’s infrastructure. These entities were designated pursuant to EO 13694, as amended, for providing material support and assistance to Chatex.
OFAC also designated Ukrainian Yaroslav Vasinskyi and Russian Yevgeniy Polyanin, two members of a cybercriminal group that has obtained more than $200 million in ransom payments resulting from ransomware attacks against multiple private companies and government entities in the US. These two, as well as a company owned by Polyanin, were designated pursuant to EO 13694, as amended.
As a result of these designations, all property and interests in property of today’s designees within the United States or within the possession or control of a U.S. person are blocked, and U.S. persons are generally prohibited from engaging in transactions involving the designated persons. In addition, transactions with entities that are owned 50 percent or more by one or more blocked persons are also blocked.
On the same day, FinCEN published an update to its 2020 ransomware advisory to coincide with OFAC’s ransomware-related designations. The Advisory on Ransomware and the Use of the Financial System to Facilitate Ransom Payments identifies new ransomware trends, typologies and payment methods observed in recent ransomware events; examines the recent ransomware attacks that have affected multiple US industries including manufacturing, legal and financial services, and health care, among others; and provides financial institutions with a number of red flag indicators associated with ransomware-related activity in order to help companies detect, prevent and report these suspicious transactions in accordance with the Bank Secrecy Act.