US Regulators Tie Two Bitcoin Addresses to Iranian Ransomware Plot

Nikhilesh De
Nov 28, 2018 at 15:34 UTC
Updated Nov 28, 2018 at 19:06 UTC
news

The U.S. Department of the Treasury is officially adding crypto addresses to its individual sanctions list.

The Treasury Department’s Office of Foreign Assets Control (OFAC) announced Wednesday that it was adding two Iran residents – Ali Khorashadizadeh and Mohammad Ghorbaniyan – to its Specially Designated Nationals list, and for the first time in the list’s history, bitcoin addresses associated with the individuals will be included with other identifying information, such as physical addresses, post office boxes, email addresses and aliases.

OFAC first indicated it might add crypto addresses to its list in March, when it updated its FAQ on sanctions compliance. At the time, the office highlighted the fact that cryptocurrencies are comparable to fiat currencies as far as the SDN list is concerned. As such, the office is alerting U.S. citizens that they are prohibited from sending any funds to the two addresses.

In a statement, Treasury Under Secretary for Terrorism and Financial Intelligence Sigal Mandelker said the department ” is targeting digital currency exchangers who have enabled Iranian cyber actors to profit from extorting digital ransom payments from their victims,” adding:

“We are publishing digital currency addresses to identify illicit actors operating in the digital currency space. Treasury will aggressively pursue Iran and other rogue regimes attempting to exploit digital currencies and weaknesses in cyber and AML/CFT safeguards to further their nefarious objectives.”

Malicious software

Khorashadizadeh and Ghorbaniyan are being added to the list for their role in facilitating financial transactions related to the SamSam ransomware. The ransomware has hit more than 200 victims over the last few years, including corporations, hospitals, universities and government agencies.

The malicious software held these organizations’ data hostage in exchange for bitcoin, according to the Treasury Department.

OFAC believes Khorashadizadeh and Ghorbaniyan converted more than 7,000 bitcoin transactions into Iranian rial, processing roughly 6,000 bitcoin, worth millions of U.S. dollars, on behalf of SamSam’s creators. These transactions included bitcoin received as part of the payment from SamSam’s victims.

The two then allegedly deposited the rial into Iranian banks.

According to OFAC, the two used more than 40 crypto exchanges, including some unnamed U.S.-based exchanges, to process transactions.

Any individuals or exchanges who do send funds to the two may be subject to secondary sanctions, including by being cut off from the U.S. financial system entirely.

“As Iran becomes increasingly isolated and desperate for access to U.S. dollars, it is vital that virtual currency exchanges, peer-to-peer exchangers, and other providers of digital currency services harden their networks against these illicit schemes,” Mandelker said.

Image via MohitSingh/Wikimedia Commons