Treasury also warned that ransomware negotiators could face civil penalties for facilitating ransom payments if they involved ransomware gangs already on its sanctions list. charged multiple members of the Evil Corp for stealing more than $100 million and added them to the Office of Foreign Assets Control (OFAC) sanctions list.Įvil Corp has been linked to multiple ransomware families over the years, including WastedLocker, Hades, Phoenix CryptoLocker, and PayLoadBin. government has also levied sanctions against other threat actors and entities associated with ransomware gangs in recent years. Treasury Department announced its first-ever sanctions against a cryptocurrency exchange for facilitating ransom transactions for ransomware gangs and helping them evade sanctions. Ongoing effort to disrupt ransomware threats The states behind this action will leverage their financial institutions and infrastructure to jointly fend off ransomware activity targeting international partners' critical infrastructure.Ĭomplementary efforts will also include disrupting the ransomware ecosystem through law enforcement collaboration, improving network resilience to prevent attacks, addressing ransomware criminals' safe-havens, and diplomatic engagement to encourage other countries to address ransomware operations active within their territory. This week, the United States and dozens of nations aligned on common approaches to counter it together. Ransomware is a world-wide threat leveraging global infrastructure – and no country can fight it alone. "We will also seek out ways to cooperate with the virtual asset industry to enhance ransomware-related information sharing," the officials added. The efforts to disrupt ransomware groups' abuse of cryptocurrency will include regulators, financial intelligence units, and law enforcement regulating, supervising, investigating, and taking action against virtual asset exploitation. "We are dedicated to enhancing our efforts to disrupt the ransomware business model and associated money-laundering activities, including through ensuring our national AML frameworks effectively identify and mitigate risks associated with VASPs and related activities." "We acknowledge that uneven global implementation of the standards of the Financial Action Task Force (FATF) to virtual assets and virtual asset service providers (VASPs) creates an environment permissive to jurisdictional arbitrage by malicious actors seeking platforms to move illicit proceeds without being subject to appropriate anti-money laundering (AML) and other obligations," the officials said. The Counter-Ransomware Initiative hopes to drain their funding and take down their operations by disrupting the ransomware groups' funding channels. Mitigating the abuse of virtual assets on a global scale would impact the business model and the main instrument used by the ransomware cybercrime groups to collect ransoms from their victims and launder the funds obtained in attacks targeting organizations around the world.
Publicly disclosed ransomware payments have reached almost $500 million worth of cryptocurrency globally during the last two years ($400 million in 2020 and over $80 million in Q1 2021).
Blocking ransomware gangs' abuse of cryptocurrency It was issued by ministers and representatives from Australia, Brazil, Bulgaria, Canada, Czech Republic, the Dominican Republic, Estonia, European Union, France, Germany, India, Ireland, Israel, Italy, Japan, Kenya, Lithuania, Mexico, the Netherlands, New Zealand, Nigeria, Poland, Republic of Korea, Romania, Singapore, South Africa, Sweden, Switzerland, Ukraine, United Arab Emirates, the United Kingdom, and the United States. The joint statement was issued following the virtual Counter-Ransomware Initiative meetings facilitated this week by the White House National Security Council in response to ongoing attacks that revealed significant vulnerabilities across critical worldwide infrastructure. Senior officials from 31 countries and the European Union said that their governments would take action to disrupt the cryptocurrency payment channels used by ransomware gangs to finance their operations.