US officials seize $6.1M in crypto from ransomware actors, add Chatex to sanctions list
“This will not be the last time — the U.S. government will continue to aggressively pursue the entire ransomware ecosystem and increase our nation’s resilience to cyber threats,” said Attorney General Merrick Garland.
The United States Department of the Treasury has announced it will impose sanctions on the cryptocurrency exchange Chatex and its support network for allegedly facilitating transactions for ransomware actors.
In an advisory update issued on Nov. 8, the Treasury Department's Office of Foreign Assets Control, or OFAC, added Chatex as well as IZIBITS OU, Chatextech SIA, and Hightrade Finance to its list of entities sanctioned by the U.S. government. The department claimed Chatex has “direct ties” with Suex OTC, a business based in the Czech Republic and Russia that it sanctioned in September.
According to OFAC, Chatex has helped facilitate transactions for ransomware groups, with more than half of the exchange’s transactions “traced to illicit or high-risk activities such as darknet markets, high-risk exchanges, and ransomware.” The addition of the exchange to the sanctions list follows Latvian and Estonian authorities suspending Chatextech’s operations and revoking IZIBITS OU’s license, respectively.
“Unprincipled virtual currency exchanges like Chatex are critical to the profitability of ransomware activities, especially by laundering and cashing out the proceeds for criminals,” said the department. “Treasury will continue to use all available authorities to disrupt malicious cyber actors, block ill-gotten criminal proceeds, and deter additional actions against the American people.”
In the same announcement, OFAC alleged Ukrainian national Yaroslav Vasinskyi and Russian national Yevgeniy Polyanin had been part of ransomware attacks against multiple U.S. government entities as well as many in the private sector. As part of the Treasury Department’s actions, U.S. residents are prohibited from engaging in transactions with Vasinskyi, Polyanin, Chatex, and all associated entities, or they may face enforcement action or sanctions themselves.
The State Department announced it would be offering a $10 million reward for information leading to the location of anyone in a “key leadership position” in the Sodinokibi/REvil ransomware group. In addition, it would offer a $5 million reward for information leading to the arrest or conviction of anyone attempting to initiate a major ransomware attack.
During a press conference today, U.S. Attorney General Merrick Garland said the Justice Department had indicted Vasinskyi in August for his alleged role in hacking personal computers as well as conspiring to commit money laundering by demanding payment for the ransomware attacks. According to the Attorney General, Polish authorities arrested Vasinskyi in October and he is awaiting extradition to the United States. In addition, the Justice Department announced a similar indictment against Polyanin, having seized $6.1 million in crypto from 3,000 ransomware attacks for which he was allegedly responsible.
“For the second time in five months, we announced the seizure of digital proceeds of ransomware deployed by a transnational criminal group,” said Garland. “This will not be the last time — the U.S. government will continue to aggressively pursue the entire ransomware ecosystem and increase our nation’s resilience to cyber threats.”
Under President Joe Biden, combating ransomware attacks on critical U.S. infrastructure has been a major issue. In June, a government task force seized more than $2 million in crypto used to pay a ransom following an attack on the Colonial Pipeline system.