OFAC makes multiple cyber-related sanctions additions and updates

OFAC has added the following persons:

POLYANIN, Yevgeniy Igorevich (Cyrillic: ПОЛЯНИН, Евгений Игоревич) (a.k.a. POLIANIN, Evegnii Igorevich; a.k.a. POLYANIN, Evgenii Igorevich; a.k.a. POLYANIN, Evgeniy; a.k.a. POLYANIN, Evgeniy Igorevich), Baltiiskaya 63-16, Barnaul 656058, Russia; DOB 04 Mar 1993; POB Russia; nationality Russia; Gender Male; Digital Currency Address - XBT 158treVZBGMBThoaympxccPdZPtqUfYrT9; alt. Digital Currency Address - XBT 389Sft4nJFkPGhbagk9FN4jXncA9piYTuU; alt. Digital Currency Address - XBT 39Te8MbphSgs7npDJPj2hbNzhke61NTcnB; alt. Digital Currency Address - XBT 31p6woV4e55HUfC2aGynFhzQnGoJFW26cD; alt. Digital Currency Address - XBT 3DNsaQnaUz7wkQny1ZDSmtz6QfbEShxoDD; alt. Digital Currency Address - XBT 3AjyprBY5yhijiCjUC5NUJutGbwhd3AQdE; Digital Currency Address - USDT 0xfec8a60023265364d066a1212fde3930f6ae8da7; Passport 0118665722 (Russia); Driver's License No. 2202811729 (Russia) (individual) [CYBER2]. 

VASINSKYI, Yaroslav (Cyrillic: ВАСИНСКИЙ, Ярослав), Ukraine; DOB 20 Oct 1999; POB Ukraine; citizen Ukraine; Gender Male; Digital Currency Address - XBT 35QpLWYkvD3ALhjbge5bK2kd7HfHYcDMu3; alt. Digital Currency Address - XBT 3NQ1aa9ceirMJ1JvRq3eXefvXj1L639fzX; alt. Digital Currency Address - XBT 3BsyZ7qRFSi3NsaoV1Ff724qAgrEpjVUHm; alt. Digital Currency Address - XBT 372Wk9NLrMkJzKgqJdatWJy4bYRfxFjgat (individual) [CYBER2].

and entities:

CHATEX, Estonia; Latvia; Saint Vincent and the Grenadines; Website chatex.com; Digital Currency Address - XBT 3E7YbpXuhh3CWFks1jmvWoV8y5DvsfzE6n; alt. Digital Currency Address - XBT 3NRJ8aXdUiZdHaiFX9ePX3DhGHzcEi14Fq; alt. Digital Currency Address - XBT 3K7PMJyMNVnxqsfpmK9r9nJDtzDw9wNwNV; alt. Digital Currency Address - XBT 3H3rh85qPaGLy2w6618yZNaH7i8asHv46B; alt. Digital Currency Address - XBT 3MTrJTFhYK9v1C6pjHtuweZSopfZa4b1wb; alt. Digital Currency Address - XBT 347QFbejDBdMZFTxpmn6evvvqyXiqZTCd7; alt. Digital Currency Address - XBT 33xWfziVZesgo83U5izdNCBVTnrtBpSwK7; alt. Digital Currency Address - XBT 32wdqwX3zCEX3DhAVEcKwXCEGdzgBnx1R9; alt. Digital Currency Address - XBT 3N9YcPBDky9UsMx1RTk33tL4jDkZfSnsPk; alt. Digital Currency Address - XBT bc1q90zrdysy4flyacw7hsury3ajs9yzwtwp6guqpypx94w0d3p58hysvz6pde; alt. Digital Currency Address - XBT bc1qw7vfgv3r5vnehafl0y95sclg3uqsj87wxs9ad628yjjcq33cwessr6ndyw; alt. Digital Currency Address - XBT bc1q86tl9255vg5wldamfymaaz36uqxzm30gs7fhkljvzdlt9t38s3lqgdwdfq; alt. Digital Currency Address - XBT 3M7CGBPUJwXXSroWuZ6H5jiprdKCyf7V5M; alt. Digital Currency Address - XBT 34kWCKF2wCbe6uinit2uL4ND6d8yxsuxKM; alt. Digital Currency Address - XBT bc1qe95l438kzjcvnsm3kn8n5augf9gpctdlhsq7f7hpnkyvlr7rc7cqupapf7; alt. Digital Currency Address - XBT 32VgTk8kGvBsqkHhkvtNooGdtqZm46jTVo; alt. Digital Currency Address - XBT 3NPognMSbzyA2JYW2fpkVKWyBMi2XTq2Zt; alt. Digital Currency Address - XBT 3MzLtBQ4Lz9J6w4Qu55TktgxFKZwxYWrP6; alt. Digital Currency Address - XBT 36YGN5dGzqrxMomTHdkT6cYVMnWBw8S7hD; alt. Digital Currency Address - XBT bc1q4rzdtlt0uslyw86cp29sctl6ct29g9a95cuup7pn5md9ddj7xgmqpp5m73; alt. Digital Currency Address - XBT 39KQvziHwUe2vddbpfC5WkQEV72qbQhxuh; alt. Digital Currency Address - XBT 3Qw9Fn19gCnga9LfHfpM99aGzuqxBNjR2i; Digital Currency Address - ETH 0x67d40EE1A85bf4a4Bb7Ffae16De985e8427B6b45; alt. Digital Currency Address - ETH 0x6f1ca141a28907f78ebaa64fb83a9088b02a8352; alt. 
Digital Currency Address - ETH 0x6acdfba02d390b97ac2b2d42a63e85293bcc160e; alt. Digital Currency Address - ETH 0x48549a34ae37b12f6a30566245176994e17c6b4a; alt. Digital Currency Address - ETH 0x5512d943ed1f7c8a43f3435c85f7ab68b30121b0; alt. Digital Currency Address - ETH 0xc455f7fd3e0e12afd51fba5c106909934d8a0e4a; Organization Established Date 2018; Digital Currency Address - USDT 3LtcaPbCj87CwJHnRX3vh7c2y9RZQqeSy8; Digital Currency Address - XRP rnXyVQzgxZe7TR1EPzTkGj2jxH4LMJYh66 [CYBER2]. 

CHATEXTECH SIA, Ganibu dambis 26A, 1005, Riga, Latvia; Website chatextech.com; V.A.T. Number LV40203285832 (Latvia); Registration Number 40203285832 (Latvia) [CYBER2].

HIGHTRADE FINANCE LTD, Suite 305, Griffith Corporate Centre, Kingstown, Saint Vincent and the Grenadines; Registration Number 23905 IBC 2017 (Saint Vincent and the Grenadines) [CYBER2].

IZIBITS OU (Latin: IZIBITS OÜ), Harju maakond, Kesklinna linnaosa, Roseni tn 13, Tallinn, Estonia; Registration Number 14407679 (Estonia) [CYBER2].

POLYANIN EVGENII IGOREVICH IP (Cyrillic: ИП ПОЛЯНИН ЕВГЕНИЙ ИГОРЕВИЧ), Barnaul, Russia; Organization Established Date 12 May 2019; Tax ID No. 222262509862 (Russia); Business Registration Number 319222500100953 (Russia) [CYBER2].

to its cyber-related sanctions program, while making changes to the following existing designations:

LIFSHITS, Artem Mikhaylovich (Cyrillic: ЛИФШИЦ, Артем Михайлович), Primorsky Prospect 159, Saint Petersburg 197374, Russia; DOB 26 Dec 1992; nationality Russia; Email Address mycryptodeals@yandex.ru; alt. Email Address artemlv@hotmail.com; Gender Male; Digital Currency Address - XBT 12udabs2TkX7NXCSj6KpqXfakjE52ZPLhz; alt. Digital Currency Address - XBT 1DT3tenf14cxz9WFNxmYrXFbB6TFiVWA9U; Digital Currency Address - ETH 0x901bb9583b24d97e995513c6778dc6888ab6870e; alt. Digital Currency Address - ETH 0xa7e5d5a720f06526557c513402f2e6b5fa20b00; Phone Number 79110354982; Digital Currency Address - LTC Leo3j36nn1JcsUQruytQhFUdCdCH5YHMR3; Digital Currency Address - DASH Xs3vzQmNvAxRa3Xo8XzQqUb3BMgb9EogF4; Passport 719032284 (individual) [CYBER2] [ELECTION-EO13848]. -to- LIFSHITS, Artem Mikhaylovich (Cyrillic: ЛИФШИЦ, Артем Михайлович), Primorsky Prospect 159, Saint Petersburg 197374, Russia; DOB 26 Dec 1992; nationality Russia; Email Address mycryptodeals@yandex.ru; alt. Email Address artemlv@hotmail.com; Gender Male; Digital Currency Address - XBT 12udabs2TkX7NXCSj6KpqXfakjE52ZPLhz; alt. Digital Currency Address - XBT 1DT3tenf14cxz9WFNxmYrXFbB6TFiVWA9U; Digital Currency Address - ETH 0x901bb9583b24d97e995513c6778dc6888ab6870e; alt. Digital Currency Address - ETH 0xa7e5d5a720f06526557c513402f2e6b5fa20b008; Phone Number 79110354982; Digital Currency Address - LTC Leo3j36nn1JcsUQruytQhFUdCdCH5YHMR3; Digital Currency Address - DASH Xs3vzQmNvAxRa3Xo8XzQqUb3BMgb9EogF4; Passport 719032284 (individual) [CYBER2] [ELECTION-EO13848]. 

SOUTHFRONT (a.k.a. SOUTH FRONT; a.k.a. SOUTHFRONT: ANALYSIS & INTELLIGENCE), Russia; Website southfront.org; Digital Currency Address - XBT 3Gbs4rjcVUtQd8p3CiFUCxPLZwRqurezRZ; Digital Currency Address - ETH 0x9f4cda013e354b8fc285bf4b9a60460cee7f7ea9; Organization Type: News agency activities; Digital Currency Address - BCH qpf2cphc5dkuclkqur7lhj2yuqq9pk3hmukle77vhq [NPWMD] [CYBER2] [ELECTION-EO13848] (Linked To: FEDERAL SECURITY SERVICE). -to- SOUTHFRONT (a.k.a. SOUTH FRONT; a.k.a. SOUTHFRONT: ANALYSIS & INTELLIGENCE), Russia; Website southfront.org; alt. Website maps.southfront.org; Digital Currency Address - XBT 3Gbs4rjcVUtQd8p3CiFUCxPLZwRqurezRZ; alt. Digital Currency Address - XBT bc1qv7k70u2zynvem59u88ctdlaw7hc735d8xep9rq; alt. Digital Currency Address - XBT bc1qw4cxpe6sxa5dg6sdwxjph959cw6yztrzl4r54s; Digital Currency Address - ETH 0x9f4cda013e354b8fc285bf4b9a60460cee7f7ea9; alt. Digital Currency Address - ETH 0x3cbded43efdaf0fc77b9c55f6fc9988fcc9b757d; Digital Currency Address - XMR 884Bz8UH63aYsjVdkfWfScRYWZGGNbjFL7pztqvWNSrtYT4reFSwyvkCj9KEGUtheHhhMUj87ciTBFyzoesrMJ4L1FvSoxL; alt. Digital Currency Address - XMR 49HqitRzdnhYjgTEAhgGpCfsjdTeMbUTU6cyR4JV1R7k2Eej9rGT8JpFiYDa4tZM6RZiFrHmMzgSrhHEqpDYKBe5B2ufNsL; Organization Type: News agency activities; Digital Currency Address - BCH qpf2cphc5dkuclkqur7lhj2yuqq9pk3hmukle77vhq; alt. Digital Currency Address - BCH qzjv8hrdvz6edu4gkzpnd4w6jc7zf296g5e9kkq4lx; alt. Digital Currency Address - BCH qq3vlashthktqpeppuv7trmw070e3mydgq63zq348v [NPWMD] [CYBER2] [ELECTION-EO13848] (Linked To: FEDERAL SECURITY SERVICE).

And Treasury issued a press release:

PRESS RELEASES

Treasury Continues to Counter Ransomware as Part of Whole-of-Government Effort; Sanctions Ransomware Operators and Virtual Currency Exchange

November 8, 2021

FinCEN Updates Ransomware Advisory

OFAC Sanctions Two Ransomware Operators and a Virtual Currency Exchange Network for the Kaseya Incident and Laundering Cyber Ransoms 

WASHINGTON — Continuing the Administration’s whole-of-government effort to counter ransomware, the U.S. Department of the Treasury today announced a set of actions focused on disrupting criminal ransomware actors and virtual currency exchanges that launder the proceeds of ransomware. Treasury’s actions today advance the Biden Administration’s counter-ransomware efforts to disrupt ransomware infrastructure and actors and address abuse of the virtual currency ecosystem to launder ransom payments.

“Ransomware groups and criminal organizations have targeted American businesses and public institutions of all sizes and across sectors, seeking to undermine the backbone of our economy,” said Deputy Secretary of the Treasury Wally Adeyemo. “We will continue to bring to bear all of the authorities at Treasury’s disposal to disrupt, deter, and prevent future threats to the economy of the United States. This is a top priority for the Biden Administration.”

Ransomware incidents have disrupted critical services and businesses globally, as well as schools, government offices, hospitals and emergency services, transportation, energy, and food companies. Reported ransomware payments in the United States so far have reached $590 million in the first half of 2021, compared to a total of $416 million in 2020. The perpetrators behind these ransomware incidents seek to harm the United States and extort the American people and our allies. Those who provide financial services to, or facilitate money laundering for, ransomware actors enable this illegal activity.

While most virtual currency activity is licit, virtual currency remains the primary mechanism for ransomware payments, and certain unscrupulous virtual currency exchanges are an important piece of the ransomware ecosystem. The United States urges the international community to effectively implement international standards on anti-money laundering/countering the financing of terrorism (AML/CFT) in the virtual currency area, particularly regarding virtual currency exchanges.

Today’s coordinated action with several U.S. government and foreign partners demonstrates how Treasury’s international partnerships enhance the ability to detect and disrupt, across continents and technologies, the illicit financial activities of those who seek to harm people’s livelihoods, savings, and futures for private gain.

DESIGNATION OF A VIRTUAL CURRENCY EXCHANGE AND NETWORK FOR COMPLICIT FINANCIAL SERVICES

Today’s actions include the designation of Chatex, a virtual currency exchange, and its associated support network, for facilitating financial transactions for ransomware actors. Chatex, which claims to have a presence in multiple countries, has facilitated transactions for multiple ransomware variants. Analysis of Chatex’s known transactions indicates that over half are directly traced to illicit or high-risk activities such as darknet markets, high-risk exchanges, and ransomware. Chatex has direct ties with SUEX OTC, S.R.O. (Suex), using Suex’s function as a nested exchange to conduct transactions. Suex was sanctioned on September 21, 2021, for facilitating financial transactions for ransomware actors. Chatex is being designated pursuant to Executive Order (E.O.) 13694, as amended, for providing material support to Suex and the threat posed by criminal ransomware actors.

Additionally, OFAC is designating IZIBITS OU, Chatextech SIA, and Hightrade Finance Ltd for providing material support and assistance to Chatex, pursuant to E.O. 13694, as amended. These three companies set up infrastructure for Chatex, enabling Chatex operations.

Complementing this action, the Department of State announced a Transnational Organized Crime Reward offer of up to $10,000,000 for information leading to the identification or location of any individual(s) who hold a key leadership position in the Sodinokibi/REvil ransomware variant transnational organized crime group (22 U.S.C. §2708(b)(6)). The Department of State also announced a reward offer of up to $5,000,000 for information leading to the arrest and/or conviction in any country of any individual conspiring to participate in or attempting to participate in a Sodinokibi variant ransomware incident.

Following an inspection by Latvia’s State Revenue Service, Latvian government authorities have suspended with immediate effect the operations of Chatextech; assessed a fine for breaches of company registration and business conduct laws and regulations; and will identify current and former Chatextech board members, all non-Latvian nationals, in Latvia’s registry of high-risk individuals. In addition, the Estonian Financial Intelligence Unit has revoked the license of Izibits OU after working with the United States to identify the activities of entities being designated today.

Unprincipled virtual currency exchanges like Chatex are critical to the profitability of ransomware activities, especially by laundering and cashing out the proceeds for criminals. Treasury will continue to use all available authorities to disrupt malicious cyber actors, block ill-gotten criminal proceeds, and deter additional actions against the American people. Treasury benefitted immensely from close coordination with our partners across Latvian and Estonian government agencies, including their information sharing and swift action.

DESIGNATION OF TWO RANSOMWARE OPERATORS

OFAC is designating Ukrainian Yaroslav Vasinskyi (Vasinskyi) and Russian Yevgeniy Polyanin (Polyanin) for their part in perpetuating Sodinokibi/REvil ransomware incidents against the United States. Vasinskyi deployed ransomware against at least nine U.S. companies. Vasinskyi is also responsible for the July 2021 ransomware activity against Kaseya, which caused significant disruptions to the computer networks of Kaseya’s customer base. Polyanin also deployed ransomware, targeting several U.S. government entities and private-sector companies. These two individuals are part of a cybercriminal group that has engaged in ransomware activities and received more than $200 million in ransom payments paid in Bitcoin and Monero. OFAC is also designating a company owned by Polyanin, pursuant to E.O. 13694 as amended. Malicious cyber activities against the U.S. government and private sector will be aggressively investigated and pursued. Companies are encouraged to report all ransomware incidents to law enforcement, as well as any payments with a potential sanctions nexus to OFAC, and strengthen their cyber defense posture.

SANCTIONS IMPLICATIONS

As a result of today’s designation, all property and interests in property of the designated targets that are subject to U.S. jurisdiction are blocked, and U.S. persons are generally prohibited from engaging in transactions with them. Additionally, any entities 50 percent or more owned by one or more designated persons are also blocked. In addition, financial institutions and other persons that engage in certain transactions or activities with the sanctioned entities and individuals may expose themselves to sanctions or be subject to an enforcement action. Today’s action does not implicate a sanctions nexus to any particular Ransomware-as-a-Service (RaaS) or variant.

FINCEN RELEASES UPDATED ADVISORY ON RANSOMWARE AND THE USE OF THE FINANCIAL SYSTEM TO FACILITATE RANSOM PAYMENTS 

In addition, the Financial Crimes Enforcement Network (FinCEN) is releasing an update today to its 2020 Advisory on Ransomware and the Use of the Financial System to Facilitate Ransom Payments. The updated Advisory reflects information released by FinCEN in its Financial Trend Analysis Report discussing ransomware trends, issued on October 15, 2021, and includes information on current trends and typologies of ransomware and associated payments as well as recent examples of ransomware incidents. The updated Advisory also sets out financial red flag indicators of ransomware-related illicit activity to assist financial institutions, including virtual currency service providers, in identifying and reporting suspicious transactions associated with ransomware payments, consistent with their obligations under the Bank Secrecy Act.

Click here to view identifying information on the individuals and entities designated today.

Click here to view FinCEN’s Updated Advisory on Ransomware and the Use of the Financial System to Facilitate Ransom Payments.

FOR MORE INFORMATION ON RANSOMWARE

Please visit StopRansomware.gov, a one-stop resource for individuals and organizations of all sizes to reduce their risk of ransomware incidents and improve their cybersecurity resilience. This webpage brings together tools and resources from multiple federal government agencies under one online platform. Learn more about how ransomware works, how to protect yourself, how to report an incident, and how to request technical assistance.

Links:

OFAC Notice

Treasury Press Release

eric9to5