Treasury sanctions Iranian military-linked ransomware gang, including new BTC addresses

Quick Take

  • The Treasury has sanctioned a new ransomware gang that it has associated with Iran’s Islamic Revolutionary Guard Corps.
  • The new sanctions designate 10 people, two companies and seven Bitcoin addresses. 

The US Treasury is targeting the Iranian military's ransomware wing. 

In new sanctions announced on September 14, the Treasury's Office of Foreign Asset Control took aim at 10 individuals and two companies that it associated with Iran's ransomware activities.

OFAC alleges that this ransomware group targeted a municipality in New Jersey and a children's hospital in 2021, among other exploits.  

"This IRGC-affiliated group is known to exploit software vulnerabilities in order to carry out their ransomware activities, as well as engage in unauthorized computer access, data exfiltration, and other malicious cyber activities," Treasury's announcement said. 


Keep up with the latest news, trends, charts and views on crypto and DeFi with a new biweekly newsletter from The Block's Frank Chaparro

By signing-up you agree to our Terms of Service and Privacy Policy
By signing-up you agree to our Terms of Service and Privacy Policy

The new sanctions included 7 new Bitcoin addresses, adding to a growing list of crypto addresses that the Treasury has designated.

The past month has seen a storm of controversy surrounding sanctions on the smart contract addresses that run decentralized mixer Tornado Cash. 

© 2023 The Block. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.

About Author

Kollen Post is a senior reporter at The Block, covering all things policy and geopolitics from Washington, DC. That includes legislation and regulation, securities law and money laundering, cyber warfare, corruption, CBDCs, and blockchain’s role in the developing world. He speaks Russian and Arabic. You can send him leads at [email protected].