U.S. Treasury connects two Bitcoin addresses to Iranian ransomware scheme

The Treasury Department’s Office of Foreign Assets Control (OFAC) took action against two Iran-based individuals who it believes helped malicious cyber actors exchange bitcoin ransom payments into Iranian rial. OFAC also identified two wallet addresses associated with these individuals. These addresses have processed over 7,000 transactions in bitcoin, worth millions of U.S. dollars, and are now listed on the OFAC sanctions list — marking the first time the Treasury has added bitcoin addresses to its sanctions list. The ransomware scheme, SamSam, exploits computer network vulnerabilities to gain administrator access to the victim’s servers and files, without the victim’s authorization — forcing the victims to pay the cybercriminals in bitcoin to have their access returned to them.

“Treasury is targeting digital currency exchangers who have enabled Iranian cyber actors to profit from extorting digital ransom payments from their victims. As Iran becomes increasingly isolated and desperate for access to U.S. dollars, it is vital that virtual currency exchanges, peer-to-peer exchanges, and other providers of digital currency services harden their networks against these illicit schemes,” said Treasury Under Secretary for Terrorism and Financial Intelligence Sigal Mandelker. (Source: U.S. Treasury)

About Author

Steven Zheng is a researcher for The Block. He joined The Block in August 2018. Steven graduated from St. John’s University with a degree in economics. Previously, he covered blockchain and crypto at Radicle, a startup analytics firm. He also had brief stints at Cheddar, a media startup, and Bowery Capital, a venture capital firm. He owns bitcoin. Follow Steven on Twitter at: @Dogetoshi