The Biden administration is expected to issue sanctions against crypto exchanges, wallets, and traders used by ransomware gangs to convert ransom payments into fiat money.
With ransomware attacks against US interests and infrastructure escalating over the past two years, the White House has increased its efforts to disrupt ransomware operations.
According to reporting by the Wall Street Journal, the US is expected next week to sanction crypto exchanges, wallets, and individuals who help ransomware gangs convert cryptocurrency.
As cryptocurrency is a required component of ransomware operations, the Biden administration hopes to disrupt this payment method and associated attacks with sanctions.
When ransomware gangs attack organizations, they demand millions of dollars in cryptocurrency in exchange for a decryptor and to prevent the release of stolen data.
Almost all ransomware operations demand either Bitcoin or Monero for ransom payments. However, practically every ransom payment is made in Bitcoin, as Monero is considered a privacy coin and almost no US crypto exchanges offer it for sale.
After getting paid, ransomware gangs ultimately have to cash out the crypto into fiat money, such as US dollars or local currency.
The cryptocurrency is first transferred through mixers to make the coins less traceable and then converted using crypto exchanges or their employees.
By sanctioning crypto exchanges known to be used by ransomware actors, the government hopes to disrupt this economy and make it far more difficult for ransomware gangs to operate.
“An action of this kind would be an aggressive, proactive approach to going after those who facilitate ransomware payments,” Ari Redbord, a former senior Treasury security official, told the Wall Street Journal regarding the expected sanctions.
The expected sanctions are not the first the US government has levied against threat actors associated with ransomware gangs.
In 2019, the US charged members of Evil Corp for stealing over $100 million and added members of the cybercrime group to the Office of Foreign Assets Control (OFAC) sanctions list.
This group is associated with multiple ransomware families, including WastedLocker, Hades, Phoenix CryptoLocker, and PayLoadBin.
The US Treasury later warned that ransomware negotiators may face civil penalties for facilitating ransomware payments to ransomware gangs on the sanctions list.