U.S. Treasury sanctions Russian cryptocurrency
Tshedimoso Makhene Sep 30, 2024 3:21:53 AM
The U.S. Treasury has sanctioned Russian cryptocurrency exchanges Cryptex and PM2BTC because of laundering allegations. It’s believed that these cryptocurrency exchanges have laundered millions in ransomware funds linked to Russian cybercriminals.
What happened
The U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) has sanctioned Cryptex and PM2BTC, two cryptocurrency exchanges accused of laundering millions in funds tied to Russian ransomware gangs and other cybercriminal activities. Cryptex, operating under the cryptex[.]net domain, reportedly processed over $51 million connected to ransomware attacks, while PM2BTC, using the now-seized pm2btc[.]me domain, facilitated virtual currency-to-ruble conversions for Russian threat actors without adhering to anti-money laundering regulations. These sanctions are part of a broader effort to disrupt Russian cybercrime networks.
Go deeper
Cryptex is allegedly a major financial facilitator for cybercriminals, involved in transactions totaling more than $720 million to services frequently used by Russia-based ransomware operators. These services include fraud shops, mixing platforms, and exchanges with Know Your Customer (KYC) protocols. OFAC linked these operations to Sergey Sergeevich Ivanov, also known as "Taleon," a notorious Russian money launderer with a two-decade history of aiding ransomware actors, darknet vendors, and other criminal entities.
Ivanov is also tied to payment processing for fraud shops like Genesis Market, a platform previously designated by OFAC and taken down by law enforcement in 2023. The broader sanctions effort, coordinated with international partners under Operation Endgame, aims to cripple financial infrastructures that enable transnational cybercrime.
What was said
The U.S. Department of the Treasury released a press statement announcing efforts to disrupt Russian cybercrime services. Treasury's Financial Crimes Enforcement Network (FinCEN) identified PM2BTC, a Russian cryptocurrency exchange linked to Sergey Sergeevich Ivanov, as being of “primary money laundering concern” due to its connections to illicit Russian finance. Simultaneously, the Office of Foreign Assets Control (OFAC) sanctioned Ivanov and Cryptex, a virtual currency exchange operating out of Russia and registered in St. Vincent and the Grenadines.
“The United States and our international partners remain resolute in our commitment to prevent cybercrime facilitators like PM2BTC and Cryptex from operating with impunity,” said Acting Under Secretary of the Treasury for Terrorism and Financial Intelligence, Bradley T. Smith. “Treasury, in close coordination with our allies and partners, will continue to use all tools and authorities to disrupt the networks that seek to leverage the virtual assets ecosystem to facilitate their illicit activities.”
The Treasury emphasized that these actions aim to protect U.S. national security and the integrity of the financial system by blocking access to U.S. markets for these illicit entities.
In the know
Ransomware is a type of malicious software designed to block access to a computer system or encrypt a victim's data, effectively holding it "hostage" until a ransom is paid. Typically, cybercriminals demand payment in cryptocurrencies like Bitcoin, due to their perceived anonymity, in exchange for a decryption key to restore access. Ransomware attacks can target individuals, businesses, or even large organizations, often crippling critical services and infrastructure. Over recent years, ransomware has evolved into a major cybersecurity threat, with attackers deploying more sophisticated methods to penetrate systems, steal sensitive information, and extort substantial sums from victims.
Why it matters
These sanctions show how far international efforts have advanced against ransomware and other cybercrime that exploits cryptocurrency for illegal profit. By focusing on financial facilitators such as Cryptex and PM2BTC, U.S. authorities are sending a warning to other cybercriminal networks that their activities will be disrupted.
FAQs
How do ransomware attacks happen?
Ransomware attacks often occur through phishing emails, malicious attachments, or compromised websites. Once the ransomware is downloaded, it spreads through the network, encrypting files and locking users out.
What should I do if I’m a victim of a ransomware attack?
If you become a victim, disconnect the infected system from the network to prevent the spread of the malware. Avoid paying the ransom, as there’s no guarantee the attacker will restore access. Contact law enforcement and seek help from cybersecurity professionals to recover your data.
Can ransomware be removed without paying the ransom?
Yes, in some cases, ransomware can be removed using specialized tools, and backups can restore data. However, sophisticated ransomware may require professional assistance for recovery.
How can I protect myself from ransomware?
To protect against ransomware, regularly back up your data, use strong security software, keep systems updated, and educate employees about phishing attacks. Implementing multi-factor authentication and network segmentation can also reduce the impact of an attack.