U.S. Sanctions Garantex and Grinex for Facilitating Ransomware Transactions

📰 1 unique source, 1 article

Summary

The U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC) has renewed sanctions against Garantex and imposed new sanctions on its successor, Grinex, for facilitating over $100 million in ransomware-linked illicit crypto transactions since 2019. The sanctions also target three executives of Garantex and six associated companies in Russia and the Kyrgyz Republic. The Treasury noted that Garantex has been involved in processing transactions for multiple ransomware variants, including Conti, Black Basta, LockBit, NetWalker, Phoenix Cryptolocker, and Ryuk. Grinex, which is believed to be a rebranding of Garantex, has facilitated billions of dollars in cryptocurrency transactions since its inception in December 2024. The sanctions aim to disrupt the financial operations of these entities and prevent them from continuing to support cybercrime and sanctions evasion.

Timeline

  1. 15.08.2025 14:27 📰 1 article

    U.S. Renews Sanctions Against Garantex and Imposes New Sanctions on Grinex

    The U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC) renewed sanctions against Garantex and imposed new sanctions on Grinex for facilitating over $100 million in ransomware-linked illicit crypto transactions since 2019. The sanctions also target three executives of Garantex and six associated companies in Russia and the Kyrgyz Republic. The Treasury noted that Garantex has been involved in processing transactions for multiple ransomware variants, including Conti, Black Basta, LockBit, NetWalker, Phoenix Cryptolocker, and Ryuk. Grinex, which is believed to be a rebranding of Garantex, has facilitated billions of dollars in cryptocurrency transactions since its inception in December 2024. The sanctions aim to disrupt the financial operations of these entities and prevent them from continuing to support cybercrime and sanctions evasion.

Similar Happenings

U.S. sanctions Southeast Asian cyber scam operations targeting Americans

The U.S. Department of the Treasury has sanctioned multiple cyber scam operations in Southeast Asia, primarily in Burma and Cambodia, which collectively stole over $10 billion from Americans in 2024. These operations use forced labor, human trafficking, and violence, operating as modern slavery farms. The scams involve romance baiting and fake cryptocurrency investments. The financial damage increased by 66% compared to 2023. The sanctions target 19 entities and individuals, including those linked to the Karen National Army (KNA) in Burma and various organized crime networks in Cambodia. The sanctions block these entities from the U.S. financial system and limit their access to international financial services. The cybercriminal syndicates in Southeast Asia are estimated to net nearly $40 billion annually in illicit profits. In May, OFAC targeted Funnull Technology Inc. and its administrator Liu Lizhi for their part in romance scams that caused more than $200 million in losses. In July, Cambodian law enforcement raided several cyber-scam centers, arresting more than 1,000 people, the majority of whom were foreign nationals. The UNODC reported that the cybercriminal operations in the region netted $40 billion in 2024, a significant fraction of the GDPs of many nations in the region. Interpol reported arrests of more than 1,200 cyber- and financial criminals in Africa, many of whom were foreign nationals from Southeast Asia conducting similar operations.

North Korean actors exploit fake employee identities to infiltrate companies

North Korean state-sponsored hackers have infiltrated companies by using fake or stolen identities to secure IT jobs. These actors have stolen virtual currency and funneled money to North Korea's weapons program. The practice has grown with the rise of remote work and AI, posing significant security risks to organizations. The Justice Department has disrupted several laptop farms enabling these activities, but the threat persists. The U.S. Treasury has imposed sanctions on individuals and entities involved in the scheme, highlighting the use of AI to create convincing professional backgrounds and technical portfolios. Organizations are advised to enhance supervision, access governance, and use AI tools to detect and mitigate these insider threats. Japan, South Korea, and the United States are cooperating to combat North Korean IT worker fraud schemes. The joint forum held on Aug. 26 in Tokyo aimed to improve collaboration among the three countries. The scheme involves thousands of operatives and facilitators with distinct roles, including setting up laptop farms, contacting recruiters, and processing stolen information. The North Korean remote-worker scheme has collected more than $88 million over six years. The number of North Korean operatives infiltrating companies by posing as remote IT workers has increased by 220% year-over-year. North Korean operatives have used AI-generated profiles, deepfakes, and real-time AI manipulation to pass interviews and vetting protocols. American accomplices have operated laptop farms to provide North Korean operatives with physical US setups, company-issued machines, and domestic addresses and identities. The threat of hiring fraud is escalating quickly, with over 320 cases of North Korean operatives infiltrating companies reported in August 2025.