Cryptocurrency exchange WEX tied to ransomware scheme, PwC claims

Cryptocurrency exchange WEX has been linked to illegal operations, CoinDesk writes. Funds gained through SamSam ransomware attacks are connected to the exchange. WEX is the successor of the BTC-e exchange which might have been used to launder as much as $4 billion in bitcoin.

According to PwC, two Iranians who have been accused of having created the SamSam ransomware variant may have used WEX to launder money gained through ransomware attacks. Faramarz Shahi Savandi and Mohammad Mehdi Shah Mansouri have been charged with extortion—they are believed to have deployed the SamSam ransomware to extort funds from U.S. Government agencies and businesses.

Two more people—Ali Khorashadizadeh and Mohammad Ghorbaniyan—have been since tied to the ransomware scheme. They are believed to be responsible for enabling financial transactions. Their addresses have been used for transactions on Enexchanger and Iranvisacart, exchanges that allow payments through WEX.

According to PwC, “The use of Iran- and Slovakia-based exchanges suggests that threat actors favour using lesser-known [cryptocurrency] exchanges. This is likely because the more popular exchanges have [advanced] monitoring or compliance programs to detect illicit activities.”