
U.S. Treasury Sanctions Russian Ransomware Money Laundering Network

November 20, 2025

The U.S. Department of the Treasury has taken decisive action against the financial infrastructure fueling the global ransomware epidemic.

Per AP News, the Office of Foreign Assets Control (OFAC) has sanctioned Russian national Sergey Ivanov and the payment processor Cryptex. Ivanov is accused of laundering hundreds of millions of dollars in virtual currency for cybercriminals, including ransomware gangs and darknet marketplace vendors.

For business leaders and IT administrators, this development reinforces a critical reality: The ransomware ecosystem is a state-entangled economy. 

Ransomware Is A Global Threat, But Some States Are More Responsible

While ransomware is a global threat, the most sophisticated and damaging gangs are frequently based in Russia and North Korea. As we have discussed in previous Datarecovery.com articles regarding ransomware gangs in sanctioned countries, these operators do not work in a vacuum. In many cases, they operate with the tacit approval — or direct encouragement — of their governments.

  • Russia: Often serves as a safe harbor for financially motivated gangs, provided they do not target Russian interests. The laundering services provided by actors like Ivanov allow these gangs to convert cryptocurrency into fiat currency.
  • North Korea: Utilizes cybercrime as a significant revenue stream for the state. Groups like the Lazarus Group target financial institutions and healthcare providers to fund the regime’s weapons programs.

The designation of Ivanov and Cryptex serves as a stark warning to victims: Don’t pay the ransom. Paying a ransom is often illegal, and it’s not necessarily effective — about 25% of victims who pay do not regain access to their files.

Paying for Ransomware Is a Risky Proposition

When a company pays a ransom, it is not just buying a decryptor; it is effectively transferring funds across borders. If those funds end up in the hands of a sanctioned individual (like Ivanov) or a sanctioned jurisdiction (like North Korea or Iran), the payer may be held strictly liable by OFAC.

OFAC sanctions violations can result in severe civil and criminal penalties. “Strict liability” means you can be fined even if you did not know you were paying a sanctioned entity.

But just as importantly: Paying a ransom provides an incentive for further attacks.

Ransomware Data Recovery Resources

The Treasury’s actions against money launderers like Ivanov are a positive step, but they do not remove the immediate threat to your organization. If you are targeted, the options aren’t “pay or lose everything.”

At Datarecovery.com, we specialize in recovering data from ransomware-affected systems without paying the criminals. By leveraging proprietary exploits and analyzing the encryption flaws inherent in many ransomware variants, we can restore data in many circumstances. We also provide penetration (PEN) testing, dark web monitoring, and related services to help you protect your organization from future attacks.

If you have been victimized by ransomware, we’re here to help. Set up a case online or call 1-800-237-4200 to speak with an expert.