Following massive ransomware attacks, US President Joe Biden sanctioned the cryptocurrency exchange Suex with a clear objective: to prevent the payment of ransomware to perpetrators of ransomware attacks.
The Biden administration has taken coercive action against the Suex cryptocurrency exchange to financially strangle the ransomware groups. Already accused in the past by US authorities of working with ransomware groups, Suex has seen its access to US markets blocked as a result. The Treasury Department has also given advice to US companies on paying ransoms to cybercriminals, saying it is “strongly discouraging them.”
Measures in response to recent attacks
The decision was made following a massive ransomware attack in May 2021 against Colonial Pipeline, the largest pipeline in the United States. Led by the Russian-linked Darkside ransomware group, the attack forced Colonial Pipeline to decommission its systems and halt all operations on its pipeline. The fallout from the attack was so severe that the Biden administration had to issue emergency waivers, lifting limits on road transport of fuels, as fears of a shortage began to exert upward pressure. on oil and gas prices.
According to a Bloomberg report, Colonial Pipeline paid attackers nearly $ 5 million for decryption of its data, some of which was recovered by the Department of Justice in June. Despite paying the ransom, it took Colonial Pipeline several days to get its operations back to normal. Earlier this week, New Cooperative, a grain distributor with 60 locations in Iowa, was the victim of a massive ransomware attack led by a Russian-speaking group known as BlackMatter. The attackers reportedly demanded nearly $ 6 million from the victim company to restore the data. The information has not been confirmed by New Cooperative and an investigation into this incident is underway.
A real impact?
The Biden administration’s actions against Suex are intended to prevent ransom payments. The platform makes it easy to buy and sell cryptocurrencies and also makes transactions difficult to trace. Speaking to reporters ahead of the announcement, Deputy Treasury Secretary Wally Adeyemo said that “cryptocurrency exchanges through platforms like Suex are essential for attackers to profit from ransomware.” He added that this action “clearly showed the intention of the Biden administration to denounce and destabilize the illegal infrastructure that uses these attacks.”
However, John Bambenek, principal researcher at Netenrich, doubts that this measure will have a material impact on the proliferation of ransomware. “Preventing the payment of ransoms did not solve the kidnapping problem we experienced some 20 years ago, and that might not help much here either,” he said. “Sanctions against vendors can make some sense as long as the more honest are able, willing and incentivized to report bad behavior on their platforms. What’s more important in stopping ransomware is finding the people involved and bringing them to justice. However, this type of blocking could interfere with the collection of information on these bad actors and complicate their identification and arrest ”.