U.S. Treasury Sanctions of Bitcoin Addresses are 'Good for Crypto'

The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) has banned U.S. citizens from interacting with two Bitcoin addresses. In a press release published this afternoon, OFAC identifies two Iranian men tied to ransomware scams.

For the first time in OFAC history, the department publicly announced the Bitcoin addresses and stated that “U.S. persons generally are prohibited from dealing with them.”

The two persons in question, Ali Khorashadizadeh and Mohammad Ghorbaniyan, were responsible for exchanging ransom payments paid in Bitcoin into Iranian Rial. The laundered currency comes from malicious cyber attackers who used the SamSam ransomware to forcibly obtain funds from over 200 victims.

Today’s announcement states that OFAC has identified two Bitcoin addresses known to be used by these two cyber-criminals. These addresses have been used to wash millions of U.S. dollars over more than 7,000 transactions since 2013.

SamSam Ransomware

The “SamSam” scam is a basic ransomware attack, whereby the hackers infect the victim’s computer, then attempt to gain administrator rights to the system. Once administrator privileges are secured, the hackers can scrape all of the victim’s data and files, then lock out the rightful owners. Then, the scammers demand ransom payment in Bitcoin in order for the victims to regain control of their computers.

The two addresses in question are 149w62rY42aZBox8fGcmqNsXUzSStKeq8C and 1AjZPMsnmpdK2Rv9KQNfMurTXinscVro9V. Looking at the blockchain data, these two addresses have received a total of 5,901 BTC, or $25,374,300. However, both of these accounts have been drained and currently hold zero Bitcoin.

The announcement stated:

Treasury is targeting digital currency exchangers who have enabled Iranian cyber actors to profit from extorting digital ransom payments from their victims. As Iran becomes increasingly isolated and desperate for access to U.S. dollars, it is vital that virtual currency exchanges, peer-to-peer exchangers, and other providers of digital currency services harden their networks against these illicit schemes...We are publishing digital currency addresses to identify illicit actors operating in the digital currency space. Treasury will aggressively pursue Iran and other rogue regimes attempting to exploit digital currencies and weaknesses in cyber and AML/CFT safeguards to further their nefarious objectives.

Sigal Mandelker, Treasury Under Secretary for Terrorism and Financial Intelligence

'Good News for Crypto'

Marco Santori, Chief Legal Officer of Blockchain, took to Twitter to give his thoughts on the landmark announcement. He believes that OFAC has the tools required to enforce these sanctions, as it did not ask for more legislation to aid its efforts. He went on to say that the "Treasury is fighting crypto bad guys using the tools already at its disposal," concluding that this was "good news for crypto."


Bitcoin Ransomware Attack: Google Disables Baltimore Officials’ Gmail Accounts

The Baltimore City government has been under siege since May 7, as it was hit with a ransomware attack that saw hackers demand $100,000 in bitcoin and officials refuse to pay the ransom. In a new development, Google disabled the Gmail accounts officials were using as a workaround.

According to The Baltimore Sun, the Baltimore City government created Gmail accounts to work during the ransomware attack, as the city’s servers have been disrupted to the point that their baltimorecity.gov emails aren’t working.

Recently, however, emails sent to several of the newly created Gmail addresses returned messages claiming the “email account that you tried to reach is disabled.” It was found that Google considered these to be business accounts that must be paid for, rather than free individual Gmail accounts.

James Bentley, a spokesperson for Mayor Bernard C. “Jack” Young, noted Baltimore planned to purchase a business plan from Google so the accounts could be restored. The news outlet quoted him as saying:

They disabled them because they deemed them to be business accounts. Their position is these accounts are circumventing their paid service.

City Council President Brandon Scott added that meanwhile his staff was appealing the suspension with Google, although he hadn’t been briefed on the problem. A spokeswoman for Baltimore’s health department claimed she was able to see old received emails, but not send or receive new ones.

Per her words, there was no notice on why the account was disabled. On its website, Google claims it’ll suspend accounts used to send spam, distribute malware, abuse children, violate copyright, or for other illicit purposes.

As CryptoGlobe covered, Baltimore was hit with a ransomware attack earlier this month that brought its real estate industry to a halt and crippled some of its essential systems, so much so that the city’s collection and transfer of property taxes and water bills have been affected.

The hackers attacked the city’s servers with a new type of ransomware known as “Robbinhood,” and are demanding a 13 BTC ($102,900) ransom to stop the whole attack. They also gave the city the option to pay 3 BTC ($23,700) to decrypt a specific system.