US Treasury Says Crypto Exchange Helped Launder $100 Million for Ransomware Gangs

The U.S. Department of the Treasury on Thursday sanctioned a Russian founder and co-owners of the Garantex cryptocurrency exchange in a bid to clamp down on the methods criminal hackers use to launder extortion money and on Kremlin sanctions busting.
Regulators also sanctioned Grinex, a Garantex successor launched after an international law enforcement operation in March seized Garantex servers and froze more than $26 million in illicit funds (see: US Feds Take Down Garantex, Indict Operators).
Garantex operators set up Grinex almost immediately after the police takedown, creating a Russian ruble-pegged digital asset to credit former Garantex customers with the amounts trapped in their frozen accounts. The token, A7A5, is issued by a Russian firm headed by sanctioned Moldovan oligarch Ilan Mironovich Shor and backed by sanctioned Russian bank Promsvyazbank, Treasury said. The token is also now sanctioned, meaning that transactions involving it can’t go through any part of the U.S. financial system.
Blockchain analysis firm Chainalysis said Thursday that the A7A5 token had processed more than $51.17 billion in transactions through July.
Garantex, originally registered in Estonia in 2019 but operating mainly from Russia, lost its license in 2022 after regulators flagged significant anti-money laundering failures and ties to criminal wallets. Garantex processed more than $100 million in transactions tied to illicit activities, including the proceeds of ransomware attacks involving threat groups such as Conti, Black Basta, LockBit, NetWalker and Phoenix Cryptolocker. It provided account and exchange services to actors linked to the Ryuk ransomware gang. The Russian government has used cryptocurrency to evade sanctions launched after its February 2022 invasion of Ukraine.
The U.S. announced enforcement actions against six associated companies in Russia and the Kyrgyz Republic that supported the exchange. Treasury also sanctioned Garantex co-founder Sergey Mendeleev, chief commercial officer Aleksandr Mira Serda and regional director Pavel Karavatsky. U.S. federal prosecutors indicted Serda in February.
Analysis by TRM Labs published in March attributed 70% of cryptocurrency volumes to and from sanctioned entities and jurisdictions to Garantex.
The police operation did not halt that activity, TRM said. “Instead, Garantex’s leadership quickly activated a contingency plan that appears to have been in place for months,” likely an indicator that its operators had foreknowledge of the takedown, the blockchain analysis company said.
Promotional materials for Grinex describe it as a direct response to the sanctions and asset freezes imposed on Garantex.
“Exploiting cryptocurrency exchanges to launder money and facilitate ransomware attacks not only threatens our national security, but also tarnishes the reputations of legitimate virtual asset service providers,” Under Secretary of the Treasury for Terrorism and Financial Intelligence John Hurley said in a statement.
