U.S. Treasury Sanctions Two Iranians for Running Bitcoin Ransomware

In the spirit of ‘firsts,’ this event marks the first time ever that the U.S. Department of the Treasury, through the Office of Foreign Assets Control (OFAC), has publicly released Bitcoin addresses. Desperate times, they say, call for desperate measures. The public release of the financial criminals’ Bitcoin wallets was necessary to warn the general public against transacting with them, whether in fiat or digital currencies, as anyone caught doing so may be subject to secondary sanctions.

The alleged Iran-based financial criminals – Ali Khorashadizadeh and Mohammad Ghorbaniyan – were accused of aiding the conversion of digital currency (Bitcoin) into Iranian Rial. According to the Treasury’s press release, the financial criminals are in the business of converting Bitcoin paid by victims of the SamSam ransomware scheme into Iranian Rial for the cybercriminal.

The cybercriminal acts by targeting websites of different organizations with ransomware known as SamSam. With SamSam, the cybercriminal would gain total control of the host data and compel the victim to pay a certain amount as ransom – which is believed to be in Bitcoin – before the victim regained total control. The press release stated that the bulk of the establishments targeted were government establishments, hospitals, universities, and several corporations.

This went on for quite a while – affecting over 200 known victims – until recently, when the Bitcoin addresses of the financial criminals aiding the ransom payment were discovered. The press release also states that the transaction history of the Bitcoin wallets dates back to 2013 and that, since then, the addresses have processed over 7,000 transactions totaling several million USD, the bulk of which was derived from the SamSam ransomware scheme.

Following the event, all property and interests in property of the designated individuals that are in the control or possession of U.S. citizens have been blocked, and U.S. citizens are prohibited from transacting with them in any form.

The SamSam ransomware scheme, which affected mostly individuals and organizations in the United States, United Kingdom, and Canada, is believed to be born from the unwholesome desire of Iranians to gain access to U.S. dollars.

The U.S. Treasury Under Secretary for Terrorism and Financial Intelligence, Sigal Mandelker, warned the general public, including but not limited to peer-to-peer exchanges, virtual currency exchanges, and other providers of digital services, to harden their networks against these illicit schemes. She assured the public that the Treasury will aggressively pursue Iran and other rogue regimes that are bent on exploiting digital currencies and weaknesses in cyber and AML/CFT safeguards to promote their nefarious objectives.