The U.S. Treasury’s Office of Foreign Assets Control (OFAC) today sanctioned ten individuals and two companies associated with a ransomware group linked to Iran’s Islamic Revolutionary Guard Corps (IRGC) and blocked their Bitcoin wallet addresses.
According to the U.S. Treasury Department, the individuals and entities were involved in coordinated ransomware attacks
According to the department, the individuals and entities added to the government’s sanctions list have been involved in coordinated ransomware attacks against various US-based businesses and organizations since at least 2020.
Ransomware is a cyberattack in which hackers remotely lock a computer or network by exploiting software flaws and demand payment to restore access. Despite the transparency of blockchain networks like Bitcoin, these payments are typically made in cryptocurrency, which can be more challenging to track than other digital payment methods.
The Iranian group targeted various businesses in the United States, including a children’s hospital
Treasury officials claim that the Iranian group targeted a children’s hospital, a city in New Jersey, a rural electric utility company, and various other businesses in the United States. The individuals have been identified as employees or associates of Najee Technology Hooshmand Fater LLC and Afkar System Yazd Company.
Because the alleged attackers and their business entities have been placed on the OFAC sanctions list, American citizens and companies are no longer permitted to interact with them. This includes the Bitcoin wallet addresses that are listed alongside the names of their alleged owners.
In addition to the OFAC sanctions, the Treasury stated that three individuals—Mansour Ahmadi, Ahmad Khatibi Aghda, and Amir Hossein Nikaeen Ravari—have been charged with the ransomware attack by the United States Attorney’s Office for the District of New Jersey. The state of New Jersey offers up to $10 million in rewards for information about those individuals.
Today’s actions follow the Treasury’s decision in August to add Tornado Cash, an Ethereum coin mixing tool designed to obscure the movement of crypto funds, to the sanctions list.
According to the Treasury, Tornado Cash has primarily been used to launder money, including stolen cryptocurrency funds. Like other decentralized apps, Tornado Cash operates autonomously through a programmed smart contract and is not run by people or a company.
As a result, the decision has sparked outrage from the cryptocurrency community and U.S. Representative Tom Emmer. The Treasury clarified its position on using Tornado Cash this week, noting that people who were sent funds via Tornado Cash without their consent (or “dusted”) will not be punished.