PRESS RELEASES
Treasury Designates Iran-Based Financial Facilitators of Malicious Cyber Activity and for the First Time Identifies Associated Digital Currency Addresses
November 28, 2018
WASHINGTON – The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) took action today against two Iran-based individuals, Ali Khorashadizadeh and Mohammad Ghorbaniyan, who helped exchange digital currency (bitcoin) ransom payments into Iranian rial on behalf of Iranian malicious cyber actors involved with the SamSam ransomware scheme that targeted over 200 known victims. Also today, OFAC identified two digital currency addresses associated with these two financial facilitators. Over 7,000 transactions in bitcoin, worth millions of U.S. dollars, have processed through these two addresses - some of which involved SamSam ransomware derived bitcoin. In a related action, the U.S. Department of Justice today indicted two Iranian criminal actors for infecting numerous data networks with SamSam ransomware in the United States, United Kingdom, and Canada since 2015.
“Treasury is targeting digital currency exchangers who have enabled Iranian cyber actors to profit from extorting digital ransom payments from their victims. As Iran becomes increasingly isolated and desperate for access to U.S. dollars, it is vital that virtual currency exchanges, peer-to-peer exchangers, and other providers of digital currency services harden their networks against these illicit schemes,” said Treasury Under Secretary for Terrorism and Financial Intelligence Sigal Mandelker. “We are publishing digital currency addresses to identify illicit actors operating in the digital currency space. Treasury will aggressively pursue Iran and other rogue regimes attempting to exploit digital currencies and weaknesses in cyber and AML/CFT safeguards to further their nefarious objectives.”
More…
https://home.treasury.gov/news/press-releases/sm556