US Treasury Blacklists Individuals Linked to Iranian Group
- The US Treasury has identified individuals accused of being involved in coordinated attacks against the United States.
- US citizens are now prohibited from dealing with any of the sanctioned individuals or crypto addresses.
The United States Treasury Department's Office of Foreign Assets Control (OFAC) has added crypto addresses with suspected ties to an Iranian ransomware group to its list of Specially Designated Nationals. The list also featured two entities and 10 individuals. Following the sanction, US citizens are not allowed to engage with the affected individuals or groups.
The department claims that the affected individuals and organizations took part in coordinated ransomware attacks that have been directed at a variety of American businesses and organizations since 2020. Some of the individuals were identified as employees or associates of Afkar System Yazd Company and Najee Technology Hooshmand Fater LLC.
As part of its secondary sanctions, OFAC identified seven Bitcoin (BTC) addresses that were allegedly linked to Ahmad Khatibi Aghada and Amir Hossein Nikaeed Ravar, two Iranian individuals. The Treasury Department claims that Khatibi has been connected to the Afkar System since 2007. Nikaeed was accused by the government agency of having leased and registered network infrastructure for the ransomware gang.
The US Treasury said it found ties between the Iranian military’s Islamic Revolutionary Guard Corps and the people and businesses in the ransomware group. The group allegedly executed different malicious cyber-enabled activities, including hacking into the computer network of a US-based children’s hospital and directing its attacks against U.S. and Middle Eastern defense, diplomatic, and government personnel.
Reacting to the event, Brian Nelson, undersecretary of the Treasury for Terrorism and Financial Intelligence, said,
"Ransomware actors and other cybercriminals, regardless of their national origin or base of operations, have targeted businesses and critical infrastructure across the board — directly threatening the physical security and economy of the United States and other nations. We will continue to take coordinated action with our global partners to combat and deter ransomware threats."
In a ransomware attack, hackers exploit software faults to remotely lock computers, then send messages demanding a ransom in exchange for restoring access. Most of these payments are made in cryptocurrencies, which can be harder to trace than other digital payment methods.
Over $590 million in reported ransomware payments were made in the US in 2021 compared to $416 million in total in 2020. According to U.S. government estimates, these payments only make up a small portion of the economic damage brought on by hostile cyber activity.