Fear The Legal Creep: US Blacklists BTC Address Used in Ransomware

Shortly after the attacks of September 11th, the United States passed legislation giving the federal government sweeping powers. The Patriot Act was designed to be a temporary measure to prevent terrorism in the new age that America found itself in. It passed the House of Representatives and the Senate easily and has been renewed every time its time limit has come up, without much debate by our legislators.

Since its initial passage, the tools codified in the Patriot Act have been used to justify actions not only against alleged terrorists, but also run-of-the-mill criminals, political activists and virtually every US citizen, even those never accused of a crime (likely including you.)

Today, the United States Treasury announced that it is blacklisting two bitcoin addresses associated with Iranian nationals. The two Iranians are accused of helping launder and convert bitcoins, some of which were allegedly obtained through the infamous SamSam Ransomware virus.

“Treasury is targeting digital currency exchangers who have enabled Iranian cyber actors to profit from extorting digital ransom payments from their victims. As Iran becomes increasingly isolated and desperate for access to U.S. dollars, it is vital that virtual currency exchanges, peer-to-peer exchangers, and other providers of digital currency services harden their networks against these illicit schemes,” explained Treasury Under Secretary for Terrorism and Financial Intelligence Sigal Mandelker in a press release posted on the Treasury website “We are publishing digital currency addresses to identify illicit actors operating in the digital currency space. Treasury will aggressively pursue Iran and other rogue regimes attempting to exploit digital currencies and weaknesses in cyber and AML/CFT safeguards to further their nefarious objectives.”

The two accounts have been active since 2013 and have processed more than 7,000 transactions, interacted with over 40 exchanges and sent over 6,000 bitcoins according to the US Treasury.

I want to be clear. I think Ransomware operators are the scum of the earth. If you are unaware, Ransomware is a type of malware that locks critical files on a computer or network and demands money (typically bitcoin or another cryptocurrency). While much of their distribution is organic, they oftentimes target critical pieces of infrastructure. Hospitals with critical patient information, schools with private student information and corporations with customer data, invoices and other critical pieces of data that could cripple a company if lost.

The victim is usually instructed to send bitcoins before a timer runs out. After the timer runs out the price will go up or the files will be locked forever.