US Treasury Sanctions Iran-based Ransomware Group and Associated Bitcoin Addresses


The US Treasury Department’s Office of Foreign Assets Control (OFAC) has added 10 individuals, 2 entities, and several crypto addresses allegedly linked to an Iranian ransomware group to its list of Specially Designated Nationals, effectively making it illegal for US individuals and companies to engage with them.

In an announcement Wednesday, the US Treasury Department said the individuals and companies in the ransomware group were affiliated with Iran’s Islamic Revolutionary Guard Corps, a branch of the country’s military. The group allegedly carried out “a diverse array of malicious cyber activities,” including compromising the systems of a US-based children’s hospital in June 2021 and targeting “US and Middle East defense, diplomatic and government personnel.”

OFAC has listed 7 Bitcoin (BTC) addresses allegedly connected to 2 Iranian nationals, Ahmad Khatibi Aghada and Amir Hossein Nikaeed Ravar, as part of its secondary sanctions. According to Treasury, Khatibi has been associated with technology and computer services company Afkar System, one of two entities sanctioned in the same announcement, since 2007. Treasury claimed that Nikaeed had “rented and registered network infrastructure” to help the ransomware group.

“Ransomware actors and other cybercriminals, regardless of national origin or location, have been targeting businesses and critical infrastructure across the board – a direct threat to the physical security and economy of the United States and other countries,” said Brian Nelson, Undersecretary of the Treasury for Terrorism and Financial Intelligence. “We will continue to coordinate actions with our global partners to combat and deter ransomware threats.”

The news came as the Justice Department announced charges against Khatibi, Nikaeed and Mansour Ahmadi, who is also among those named in OFAC’s sanctions, for allegedly “orchestrating a plan to hack into the computer networks” of entities and individuals in the United States, including the attacks cited by Treasury. According to the Justice Department, the Iranian ransomware group targeted a New Jersey-based accounting firm in February 2022, with Khatibi demanding $50,000 worth of cryptocurrency in exchange for not selling the company’s data on the black market.

On August 8, OFAC added more than 40 cryptocurrency addresses associated with the controversial mixer Tornado Cash to the list of Specially Designated Nationals, provoking criticism from many figures in and out of the crypto space. Treasury clarified on Tuesday that U.S. individuals and entities were not prohibited from sharing Tornado Cash’s code, but would require a special license to complete transactions initiated before the sanctions were imposed or to withdraw funds.
