WASHINGTON, Sept. 27 — In a significant move to combat cybercrime, the U.S. Treasury Department has imposed sanctions on two cryptocurrency exchanges accused of laundering funds for Russian ransomware gangs. This step is part of a broader international campaign to clamp down on Russian cybercrime operations and disrupt the financial networks that support them.
Cryptex and PM2BTC at the Center of Sanctions
The Office of Foreign Assets Control (OFAC) announced sanctions against Cryptex and PM2BTC, two virtual currency exchanges that have played a role in laundering proceeds from various ransomware operations. OFAC’s investigation revealed that Cryptex laundered more than $51 million linked to ransomware attacks and has facilitated transactions totaling over $720 million with services frequently used by Russian ransomware actors and cybercriminals.
Meanwhile, PM2BTC is alleged to have laundered digital currency linked to Russian ransomware activities. It is also accused of facilitating conversions between cryptocurrencies and the Russian ruble through U.S.-sanctioned financial institutions, all while failing to uphold anti-money laundering regulations.
The action against these exchanges reflects an intensifying effort by U.S. and allied authorities to target financial enablers of transnational cybercrime, particularly those connected to Russia, which is seen as a haven for various cybercriminal networks.
The Man Behind the Money — Sergey Ivanov
Central to this web of illicit activity is Sergey Sergeevich Ivanov, known as “Taleon.” According to U.S. authorities, Ivanov has facilitated the laundering of hundreds of millions of dollars over the past two decades for a wide array of threat actors, including ransomware operators, darknet marketplace vendors, and initial access brokers—individuals who breach computer systems and then sell access to other criminals. Ivanov is also associated with UAPS and PinPays, two entities implicated in facilitating cybercrime and money laundering.
“Ivanov represents a significant figure in the underground economy of cybercrime,” a U.S. official noted, highlighting his longstanding involvement in ransomware operations. The U.S. Department of State, through its Transnational Organized Crime Rewards Program, has announced a reward of up to $10 million for information leading to the arrest or conviction of Ivanov or his associate Timur Shakhmametov.
Seizures and International Coordination
In conjunction with the sanctions, the U.S. Secret Service and Dutch authorities took steps to seize web domains and infrastructure linked to PM2BTC, UAPS, and Cryptex. This seizure is intended to disrupt the operational capabilities of these entities and prevent them from continuing to facilitate illegal financial transactions.
The recent sanctions and seizures are part of a larger international effort involving U.S. government agencies and foreign law enforcement, particularly under Operation Endgame. This initiative aims to dismantle Russian cybercrime networks and disrupt the global infrastructure supporting illicit online activities.
“This is a concerted global effort to target those who enable and profit from the cybercrime economy,” an official involved in the operation said.
Impact on U.S. and International Financial Transactions
As a result of the sanctions, U.S. individuals and organizations are now prohibited from engaging in any form of transaction with Ivanov, PM2BTC, or Cryptex. Any assets they hold within U.S. jurisdiction will be frozen, and both U.S. financial institutions and any foreign entities that engage in transactions with the sanctioned parties may face serious penalties.
These measures are designed not only to isolate the individuals and organizations involved but also to send a clear message to those who might facilitate such cybercrimes. The crackdown on cryptocurrency exchanges associated with ransomware and other cybercriminal activity represents an escalation in U.S. and international efforts to target the financial systems that sustain these criminal operations.
While sanctions alone may not entirely dismantle sophisticated ransomware networks, they represent a significant blow to their ability to access and move funds. Authorities expect that the move will disrupt the ability of Russian cybercriminal groups to profit from their activities and will serve as a warning to other financial enablers.
Further developments are anticipated as international cooperation intensifies and additional actors within the network are identified.