FOLLOW US

Examples include Russia-based and state-sponsored Evgeniy Mikhailovich Bogachev, who developed the Cryptolocker ransomware used to infect 117,000 computers in the United States between 2013 and 2016. Bogachev goes by the online monikers of “lucky12345” and “Slavik” and is wanted by the FBI. There is a $5 million reward for his capture.

The SamSam ransomware started being used in 2015 to 2018 to target many governmental institutions, large cities, like Atlanta, Georgia, and big companies.  OFAC sanctioned two Iranian nationals suspected of working on behalf of Iran for providing material support of ransomware attacks.

The North Korean Lazarus Group also known as the Hidden Cobra uses the WannaCry 2.0 ransomware. They may employ as many as 6,000 hackers and have been linked to 300,000 computer attacks in 150 countries. They are also suspected of the 2020 attacks targeting the cryptocurrency vertical. 

Russian state-sponsored Evil Corp is a “cybercriminal organization, which used the Dridex malware to infect computers and harvest login credentials from hundreds of banks and financial institutions in over 40 countries, causing more than $100 million in thefts.”

The FBI is offering a $5 million reward for information to locate Evil Corp and their leader, Russian-based  Maksim V. Yakubets, who the government says went by the nicknames “aqua,” and “aquamo.”  OFAC has imposed sanctions on these actors and “will continue to impose, sanctions on these actors and others who materially assist, sponsor, or provide financial, material, or technological support for these activities.”

Also on the SDN list are 5 China-based international hackers known as Apt41. This hacking group is allegedly responsible for computer crimes including intellectual property  (IP) theft, ransomware attacks, and crypto-jacking that impacted over 100 companies, organizations, and individuals in the United States and other countries.

Last month, the U.S. government filed charges against seven international hackers who are suspected to be members of Apt41. Two of the defendants are citizens of  Malaysia and five were citizens of the People’s Republic of China (PRC), where they currently reside. They are also suspected to be connected to the Chinese Ministry of State Security. 

Facilitating ransomware ransoms may violate OFAC regulations 

This advisory highlights OFAC’s designations of malicious cyber actors and those who facilitate ransomware transactions under its cyber-related sanctions program.

Through the International Emergency Economic Powers Act (IEEPA) or the Trading with the Enemy Act (TWEA), U.S. citizens are prohibited from engaging in transactions, with individuals or entities on OFAC’s SDN list.