PwC Report Shows Crypto Exchange WEX is Linked with Bitcoin Ransomware Hackers of SamSam
PricewaterhouseCoopers (PwC), one of the Big Four accounting firms, has released a bulletin with information about the WEX (previously called BTC-e) exchange. As reported by The Next Web, the Iranian nationals behind the SamSam ransomware have been linked to the cryptocurrency platform.
According to the report, SamSam founders Faramarz Shahi Savandi and Mohammad Mehdi Shah Mansouri used the exchange to launder the Bitcoin they gathered over a period of 34 months. PwC's bulletin states that they laundered $6 million in Bitcoin (BTC).
According to reports released by the U.S. Department of Justice (DOJ), the SamSam ransomware campaign generated losses of $30 million in the United States and Canada. The institutions hit by these scammers included hospitals and municipalities.
PwC explained:
“We identified this Iranian money laundering operation as having links with currency exchange WEX (previously known as BTC-e). WEX is most notably known for its alleged involvement in the threat actor tracked by PwC as Blue Athena, and being responsible for cashing out 95 percent of all ransomware payments made since 2014.”
Once the ransomware had infected the victims' computers, the attackers requested a payment in Bitcoin to release the blocked files. As soon as the attackers received the funds, they were able to convert them to their local currency at an exchange located in their country. During 2017, these two individuals released new versions of the ransomware.
WEX is a cryptocurrency exchange that was launched back in 2017. Before that, authorities in Greece and the United States arrested the administrator of the exchange and its co-founder, Alexander Vinnik.
There are several accusations related to BTC-e being a platform for money laundering activities. The exchange was one of the oldest in Russia and could have laundered more than $4 billion in Bitcoin between 2014 and 2017. Surprisingly, some Mt. Gox funds could have been laundered through this exchange. Additionally, TNW explains that 95 percent of all the ransomware payments made during these years passed through this platform.
PwC mentions that WEX claims not to be related to BTC-e, but there are several similarities between the two exchanges. For example, the trading pairs are almost identical, and all the users were migrated to the new platform.
According to some findings, exchanges that are located in countries with little-to-no rules in terms of virtual currencies and blockchain technology received 36 times more Bitcoin from criminal groups than exchanges in countries with better regulatory frameworks.
Users affected by this ransomware are strongly advised not to pay the funds requested by the attackers. Paying could encourage them to keep performing these illegal activities, and it could also violate US sanctions.