SUEX, Crypto, and Ransomware

This year, the cryptocurrency platform SUEX was the first to be identified and sanctioned by the U.S. Government for its role in the ransomware payment chain, but it will likely not be the last. Here’s what you should know about SUEX and other cryptocurrencies.

Bitcoin and other cryptocurrencies have a history with ransomware, as they are decentralized, harder to track, and traditionally more tech-centric. Bitcoin accounts for about 98% of all ransomware payments made today.

Three things make cryptocurrency easier to use for ransomware attacks. The first is anonymity: ransomware operators can create linked or hidden accounts with no real person to link back to. The second is that cryptocurrency is decentralized (not monitored by a central authority), making it harder to regulate and to track criminal activity. Lastly, there is no recall or fallback option after crypto is sent.

This year, the Russian cryptocurrency platform SUEX was the first to be sanctioned by the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC). SUEX operates as a nested exchange, using the infrastructure of a large global cryptocurrency exchange to manage transactions. Over 40% of SUEX transactions involve alleged ransomware attacks or other criminal activity. Other aspects of SUEX that stand out as particularly suited to criminal use are the ease of conversion into physical currency and the high-value nature of its exchanges, with minimum transaction values of $10,000.

OFAC’s sanctioning of SUEX marks a shift in how the U.S. Government is cracking down on ransomware. By cutting off the ransomware payment chain, the Treasury can slow the mechanisms for ransomware groups to cash out. The action serves as a warning to other virtual currency platforms to ensure their practices are not facilitating bad actors.

SUEX is not the only cryptocurrency service that has been used in ransomware operations or in the payment chains for other criminal activity. Bitcoin, Monero, and Zcash have also been used across the dark web. In the recent ransomware attack on JBS, the world’s largest meat processor, the perpetrators collected an $11 million Bitcoin payment. Monero and Zcash are other cryptocurrencies to watch out for, since they have specific privacy features that make tracking payees more difficult. Lastly, cybercriminals are becoming more advanced as they adapt to avoid getting caught. The technique of “mixing” has become more common: cybercriminals blend their cryptocurrency funds with others’ to further conceal the trail back to the funds’ original source.