Big Four accounting firm PricewaterhouseCoopers (PwC) has issued a special bulletin connecting the Iranian nationals behind the infamous SamSam ransomware to the incredibly ill-fated cryptocurrency exchange WEX (formerly BTC-e).
The report alleges that SamSam creators Faramarz Shahi Savandi and Mohammed Mehdi Shah Mansouri used the WEX exchange service to launder sizable chunks of the $6 million in Bitcoin generated throughout their 34-month-long international hacking and extortion spree.
“We identified this Iranian laundering operation as having links with currency exchange WEX (previously called BTC-e),” PwC stated. “WEX is most notably known for its alleged involvement in the laundering of some $4 billion, transferring of funds to facilitate operations of the threat actor tracked by PwC as Blue Athena, and being responsible for cashing out 80 percent of all ransomware payments made since 2014.”
The WEX affiliation
Leveraging information released by the US Department of the Treasury’s Office of Foreign Assets Control (OFAC), PwC was able to link the SamSam pair to the WEX cryptocurrency exchange.
The report explicitly lists individuals previously named by OFAC as primary Bitcoin launderers for the SamSam hackers. PwC ties Mohammed Ghorbaniyan and Ali Khorashadizadeh to services related to WEX, as well as a secondary exchange in the Slovak Republic.
In fact, Mohammed Ghorbaniyan was the sole contact for a website called enexchanger[.]com. The trading pairs listed on “exchanger” include ludicrously obscure “currencies” like WebMoney and Perfect Money.
“One of the cryptocurrency swaps offered is WEX-code to USD, which is a code that allows transferring of funds directly from wex[.]nz (WEX) users,” PwC’s report stated. “Both criminal and nation-state threat related to the currency exchange BTC-e/WEX.”
PwC explained regarding this issue:
“We have identified this Iranian laundering operation as having links with currency exchange WEX (previously called BTC-e). WEX is most notably known for its alleged involvement with the threat actor tracked by PwC as Blue Athena and being responsible for cashing out 80 percent of all ransomware payments made since 2014.”
PwC additionally noted that the use of Iran- and Slovakia-based exchanges indicates that threat actors favor “lesser-known” currency exchanges for laundering dirty cryptocurrency, as more popular exchanges tend to have compliance programs to detect illicit activities.
Indeed, cryptocurrency researchers found that exchanges in countries with little to no rules in place to curtail digital money laundering received 37 times more Bitcoin from criminally linked groups than those with reasonable rules.
PwC mentions that WEX claims not to be associated with BTC-e; however, there are many similarities between these exchanges. For example, they have nearly identical trading pairs, and all users were migrated to the new platform.
According to some findings, exchanges based in countries with little-to-no rules regarding virtual currencies and blockchain technology received 37 times more Bitcoin from criminal groups than exchanges in countries with stronger regulatory frameworks.
It is highly recommended that users affected by this ransomware not pay the funds requested by the attackers. Paying might encourage them to continue these illicit activities, and it could additionally violate US sanctions.