U.S. sanctions Garantex and Grinex for facilitating ransomware-linked crypto transactions

First reported

15.08.2025 14:27

Last updated

1 unique sources, 1 articles

Summary

Hide ▲

The U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC) has renewed sanctions against Garantex and its successor, Grinex, for facilitating over $100 million in ransomware-linked illicit crypto transactions since 2019. The sanctions also target three Garantex executives and six associated companies in Russia and the Kyrgyz Republic. The Treasury's action follows previous sanctions against Garantex in April 2022 for facilitating transactions from darknet markets and illicit actors. Garantex was seized in March 2025, and its co-founder, Aleksej Besciokov, was arrested in India. Despite these actions, Garantex rebranded as Grinex to evade sanctions, continuing to process illicit transactions. Garantex and Grinex have been linked to various ransomware variants, including Conti, Black Basta, LockBit, NetWalker, Phoenix Cryptolocker, and Ryuk. The sanctions aim to disrupt the use of cryptocurrency exchanges to launder money and facilitate ransomware attacks, which pose threats to national security and the reputation of legitimate virtual asset service providers.

Timeline

15.08.2025 14:27 1 articles · 1mo ago

U.S. renews sanctions against Garantex and imposes sanctions on Grinex
The U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC) renewed sanctions against Garantex and imposed new sanctions on Grinex for facilitating over $100 million in ransomware-linked illicit crypto transactions since 2019. The sanctions also target three Garantex executives and six associated companies in Russia and the Kyrgyz Republic. Garantex was first sanctioned in April 2022 and seized in March 2025, but it rebranded as Grinex to continue illicit activities. The sanctions aim to disrupt the use of cryptocurrency exchanges to launder money and facilitate ransomware attacks.
Show sources

U.S. Sanctions Garantex and Grinex Over $100M in Ransomware-Linked Illicit Crypto Transactions — thehackernews.com — 15.08.2025 14:27
Open in new tab

Information Snippets

Garantex and Grinex have processed over $100 million in transactions linked to illicit activities since 2019.
First reported: 15.08.2025 14:27

1 source, 1 article
Show sources
- U.S. Sanctions Garantex and Grinex Over $100M in Ransomware-Linked Illicit Crypto Transactions — thehackernews.com — 15.08.2025 14:27
Garantex was first sanctioned in April 2022 for facilitating transactions from darknet markets and illicit actors.
First reported: 15.08.2025 14:27

1 source, 1 article
Show sources
- U.S. Sanctions Garantex and Grinex Over $100M in Ransomware-Linked Illicit Crypto Transactions — thehackernews.com — 15.08.2025 14:27
Garantex's website was seized in March 2025, and its co-founder, Aleksej Besciokov, was arrested in India.
First reported: 15.08.2025 14:27

1 source, 1 article
Show sources
- U.S. Sanctions Garantex and Grinex Over $100M in Ransomware-Linked Illicit Crypto Transactions — thehackernews.com — 15.08.2025 14:27
Garantex rebranded as Grinex to evade sanctions, continuing to process illicit transactions.
First reported: 15.08.2025 14:27

1 source, 1 article
Show sources
- U.S. Sanctions Garantex and Grinex Over $100M in Ransomware-Linked Illicit Crypto Transactions — thehackernews.com — 15.08.2025 14:27
Garantex and Grinex have been linked to various ransomware variants, including Conti, Black Basta, LockBit, NetWalker, Phoenix Cryptolocker, and Ryuk.
First reported: 15.08.2025 14:27

1 source, 1 article
Show sources
- U.S. Sanctions Garantex and Grinex Over $100M in Ransomware-Linked Illicit Crypto Transactions — thehackernews.com — 15.08.2025 14:27
The U.S. Department of State has announced rewards for information leading to the arrest of key leaders of Garantex.
First reported: 15.08.2025 14:27

1 source, 1 article
Show sources
- U.S. Sanctions Garantex and Grinex Over $100M in Ransomware-Linked Illicit Crypto Transactions — thehackernews.com — 15.08.2025 14:27
Garantex used the A7A5 token, issued by Old Vector, to facilitate transactions.
First reported: 15.08.2025 14:27

1 source, 1 article
Show sources
- U.S. Sanctions Garantex and Grinex Over $100M in Ransomware-Linked Illicit Crypto Transactions — thehackernews.com — 15.08.2025 14:27
A7A5 has been used to transfer up to $1 billion per day, with an aggregate value of $41.2 billion.
First reported: 15.08.2025 14:27

1 source, 1 article
Show sources
- U.S. Sanctions Garantex and Grinex Over $100M in Ransomware-Linked Illicit Crypto Transactions — thehackernews.com — 15.08.2025 14:27
Garantex's senior executives procured computer infrastructure, registered trademarks, and engaged in business development to appear legitimate.
First reported: 15.08.2025 14:27

1 source, 1 article
Show sources
- U.S. Sanctions Garantex and Grinex Over $100M in Ransomware-Linked Illicit Crypto Transactions — thehackernews.com — 15.08.2025 14:27
The U.S. Department of Justice seized over $2.8 million in cryptocurrency, $70,000 in cash, and a luxury vehicle linked to ransomware activity.
First reported: 15.08.2025 14:27

1 source, 1 article
Show sources
- U.S. Sanctions Garantex and Grinex Over $100M in Ransomware-Linked Illicit Crypto Transactions — thehackernews.com — 15.08.2025 14:27
Over $300 million in cryptocurrency assets linked to cybercrime and fraud schemes have been frozen.
First reported: 15.08.2025 14:27

1 source, 1 article
Show sources
- U.S. Sanctions Garantex and Grinex Over $100M in Ransomware-Linked Illicit Crypto Transactions — thehackernews.com — 15.08.2025 14:27

Summary

Timeline

U.S. renews sanctions against Garantex and imposes sanctions on Grinex

Information Snippets