U.S. Treasury connects two Bitcoin addresses to Iranian ransomware scheme

The Treasury Department’s Office of Foreign Assets Control (OFAC) took actions against two Iran-based individuals, who they believe helped malicious cyber actors exchange bitcoin ransom payments into Iranian rial. OFAC also identified two wallet addresses associated with these individuals. These addresses have processed over 7,000 transactions in bitcoin, worth millions of U.S. dollars, and are now listed on the OFAC sanctions list — marking the first time the Treasury has added bitcoin addresses to its sanction's list. The ransomware scheme, SamSam, exploits computer network vulnerabilities to gain administrator access to the victim’s servers and files, without the victim’s authorization — forcing the victims to pay the cybercriminals bitcoins to have their access returned to them.

“Treasury is targeting digital currency exchangers who have enabled Iranian cyber actors to profit from extorting digital ransom payments from their victims. As Iran becomes increasingly isolated and desperate for access to U.S. dollars, it is vital that virtual currency exchanges, peer-to-peer exchanges, and other providers of digital currency services harden their networks against these illicit schemes,” said Treasury Under Secretary for Terrorism and Financial Intelligence Sigal Mandelker. (Source: U.S. Treasury)