US Treasury Department blacklists Bitcoin addresses linked to Iran ransomware group
The blacklisted Bitcoin addresses were linked to Nikaeen Ravari and Khatibi Aghada, who worked with the IRGC to develop and deploy ransomware that threatened the national security of the US.
The U.S. Department of the Treasury has blacklisted seven Bitcoin wallet addresses linked to members of Iran’s Islamic Revolutionary Guard Corps (IRGC).
The department said in a Sept. 14 press release that the Iran-based malicious cyber actors have launched ransomware attacks against the U.S. since 2020. The group is said to have attacked a New Jersey municipality, some U.S.-based children’s hospitals, and a host of private establishments.
The IRGC-affiliated individuals include Mansour, Ali Ahmadi, Mohammad Ahmadi, Mahdavi, Rashidi, Khatibi, Nikaeen, Mostafa, Mojtaba, and Shakeri. They had worked for Najee Technology and Afkar System companies to launch their malicious activities.
Four of the blacklisted bitcoin (XBT) wallets were linked to Nikaeen Ravari, while three belonged to Ahmad Khatibi Aghada. The duo is said to have helped the IRGC develop and deploy ransomware that threatened the national security of the U.S.
As a result of the sanction, the Treasury has seized all properties belonging to the designated individuals in the country. U.S. persons and institutions are prohibited from transacting with them, as anyone indicted will be subjected to further sanctions.
Secretary of the Treasury Brian E. Nelson said:
“We will continue to take coordinated action with our global partners to combat and deter ransomware threats, including those associated with the IRGC.”
The Treasury also offered up to $10 million in rewards for any information that will lead to the arrest of Mansour, Nikaeen, or any of the designated individuals.
Ransomware attackers opting for Bitcoin
Between 2011 and 2021, over $5 billion worth of Bitcoin was paid out to ransomware attackers, according to a study by the Financial Crimes Enforcement Network (FinCEN).
The ransomware attack against Colonial Pipeline in 2021 forced the American company to pay out $4.4 million in Bitcoin to the DarkSide hackers.
A recent report by CipherTrace reveals that ransomware attackers who opt to receive their payments in Bitcoin usually add a premium of between 10% and 20%. The extra charge is to deal with the risk of using easily traceable cryptocurrencies like Bitcoin.