article featured image


On Tuesday, the U.S. Treasury Department announced that for the first time, it will take action against a digital currency exchange, SUEX OTC, that allegedly played a role in facilitating financial transactions for ransomware attackers.

This action is the first sanctions designation against a virtual currency exchange and was executed with assistance from the Federal Bureau of Investigation.


The announcement comes after a series of ransomware attacks that caused severe damage to multiple sectors and even threatened U.S. government agencies.

What Is Suex?

The Russian-linked exchange is an over-the-counter (OTC) broker that enables parties to trade via dealer-broker transactions.

According to Chainalysis, the Russia-based cryptocurrency Over The Counter (OTC) broker Suex is legally registered in the Czech Republic but has no known physical presence in the country. Instead, it functions out of branches in Moscow and St. Petersburg, as well as other cities in Russia and the Middle East.

Suex asserts that at these branch locations, it can exchange cryptocurrency funds into cash and even make possible the exchange of cryptocurrency for physical assets such as real estate, vehicles, and yachts.

SUEX has facilitated transactions involving illicit proceeds from at least eight ransomware variants. Analysis of known SUEX transactions shows that over 40% of SUEX’s known transaction history is associated with illicit actors.

SUEX is being designated pursuant to Executive Order 13694, as amended, for providing material support to the threat posed by criminal ransomware actors.


The Fight Against Ransomware Continues

The Biden administration continues to fight against ransomware. U.S. plan was to sanction cryptocurrency exchanges, wallets, and traders involved in helping fund ransomware threat actors.

The Suex sanction was meant to disrupt the main channel the ransomware gangs used to collect ransom payments from their targets.

According to the Treasury Department, in 2020, ransomware payments exceeded $400 million, more than four times their level in 2019.

In addition, an advisory has been released yesterday by the Treasury’s Office of Foreign Assets Control (OFAC) calling attention to the “sanctions risks associated with ransomware payments in connection with malicious cyber-enabled activities.”

How Much Money Did Suex Make?

As stated by researchers at Chainalysis, the crypto exchange has received over $481 million in Bitcoin alone since becoming operational in February 2018.

These transactions include considerable amounts of money obtained from cybercriminals. Specifically, Suex has received:

  • Nearly $13 million from ransomware operators including Ryuk, Conti, Maze, and several others
  • Over $24 million from cryptocurrency scam operators including the fraudsters behind Finiko, a scam that took in over $1 billion worth of cryptocurrency from victims primarily in Russia and Ukraine
  • Over $20 million from darknet markets, primarily the Russia-based Hydra Market

Suex funds received from cybercriminals since 2018


American individuals are not allowed to do business with Suex at the moment, and any holdings it may own in the US are blocked. It is important to know that anyone who does business with the organization may risk sanctions.

The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) advises companies to:

  • Not pay the ransom demand in case of a ransomware attack;
  • Report the attacks to the correct US government agencies and collaborate with them towards a resolution;
  • Implement a risk-based compliance program (such as OFAC’s)
Author Profile

Antonia Din

PR & Video Content Manager

linkedin icon

As a Senior Content Writer and Video Content Creator specializing in cybersecurity, I leverage digital media to unravel and clarify complex cybersecurity concepts and emerging trends. With my extensive knowledge in the field, I create content that engages a diverse audience, from cybersecurity novices to experienced experts. My approach is to create a nexus of understanding, taking technical security topics and transforming them into accessible, relatable knowledge for anyone interested in strengthening their security posture.