Treasury Blacklists Bitcoin Addresses Linked to Iranian Ransomware Group

US Treasury’s Office of Foreign Assets Control (OFAC) today issued sanctions against 10 individuals and two companies associated with a ransomware group linked to Iran’s Islamic Revolutionary Guard Corps (IRGC) – and blocked their Bitcoin wallet addresses as well.

According to the department, the individuals and entities added to the government’s sanctions list participated in coordinated ransomware attacks that have targeted numerous US-based companies and organizations since at least 2020.

Ransomware is a type of attack in which hackers remotely lock down a computer or network by exploiting software bugs, then demand payment to unlock access. Typically, these payments are made in cryptocurrency, which can be more difficult to track than other digital payment methods, despite the transparency of blockchainnetwork which Bitcoin.

Treasury officials say the Iranian group’s U.S. targets included a children’s hospital, a New Jersey town, a rural electric power company and a number of other businesses. The individuals have been identified as employees or associates of Najee Technology Hooshmand Fater LLC and Afkar System Yazd Company.

By placing the alleged attackers and their business entities on OFAC’s sanctions list, US citizens and companies are now prohibited from interacting with them. It includes the Bitcoin wallet addresses that are listed next to their alleged owners’ names.

In addition to the OFAC sanctions, the Treasury Department also said that three of the individuals – Mansour Ahmadi, Ahmad Khatibi Aghda and Amir Hossein Nikaeen Ravari – have been charged by the US Attorney’s Office for the District of New Jersey in connection with the ransomware attack. The state of New Jersey is offering rewards of up to $10 million for information related to these individuals.

Today’s move follows the Treasury’s recent decision to add Tornado Cash-one Ethereum coin mixing tool designed to hide the movement of crypto funds – to the sanctions list in August.

Treasury claims that Tornado Cash has primarily been used to launder money, including stolen crypto funds. But, like others decentralized appsTornado Cash runs autonomously via a programmed smart contractand is not run by individuals or a company.

The decision has been particularly divisive, as a result, drawing criticism not only from across the crypto world, but also question from US representative Tom Emmer. Amidst the backlash, the Treasury this week clarified his position on using Tornado Cash, and noted that people who were sent funds via Tornado Cash without their consent (or “the dust”) will not be penalized.