OFAC designated a virtual currency exchange and its associated support network for facilitating ransomware actors. To reflect recent ransomware trends and red flag indicators, FinCEN also updated its 2020 advisory.
OFAC found that the virtual currency exchange had direct ties with Suex, which was also sanctioned on September 21, 2021, for supporting ransomware actor transactions. Three companies that were set up to assist the exchange were also designated, pursuant to Executive Order 13694. Latvian and Estonian officials also took action against the exchange and its associated support network. In addition, OFAC designated two Ukrainian ransomware operators for their participation in Sodinokibi/REvil ransomware incidents against the United States.
The DOJ unsealed separate indictments charging these two operators in connection with the attacks for (1) conspiracy to commit fraud and related activity, (2) substantive counts of damage to protected computers and (3) conspiracy to commit money laundering. The State Department announced a Transnational Organized Crime Reward offer of up to $10,000,000 for information concerning the Sodinokibi/REvil ransomware variant transnational organized crime group and/or ransomware incidents. In a related statement, Attorney General Merrick B. Garland said that the U.S. is working with allies to identify perpetrators of ransomware attacks and recover stolen funds.
FinCEN updated its advisory on ransomware to reflect recent trends and red flag indicators. New trends include an increase in anonymity-enhanced cryptocurrencies and decentralized mixers. Additional red flag indicators include (1) customers initiating transfers of funds involving a mixing service, and (2) customers using encrypted networks (e.g., "onion routers") or unidentified web portals to communicate with recipients of convertible virtual currency (or "CVC") transactions.