The Department of the Treasury’s Office of Foreign Assets Control (OFAC) has sanctioned a China-based cybersecurity company and one of its employees, saying they played a role in an April 2020 compromise of about 81,000 firewalls owned by thousands of businesses worldwide.
The sanctioned parties are Sichuan Silence Information Technology Company and its employee Guan Tianfeng, who is also based in China, the Treasury Department said in a Tuesday (Dec. 10) press release.
Guan Tianfeng discovered a zero-day vulnerability in a firewall product and exploited it to deploy malware to the firewalls, aiming to steal data such as usernames and passwords and to try to infect victims’ systems with the Ragnarok ransomware variant, according to the release.
The compromised firewalls included more than 23,000 in the United States, 36 of which were protecting the systems of critical infrastructure companies, per the release.
“Today’s action underscores our commitment to exposing these malicious cyber activities — many of which pose significant risk to our communities and our citizens — and to holding the actors behind them accountable for their schemes,” Bradley T. Smith, undersecretary of the Treasury for terrorism and financial intelligence, said in the release.
Two other U.S. agencies also announced actions related to this case.
The Department of Justice said Tuesday that a federal court unsealed an indictment charging Guan Tianfeng with conspiracy to develop and deploy the malware.
The Department of State announced a Rewards for Justice reward offer of up to $10 million for information about Guan Tianfeng or Sichuan Silence, saying that Guan put American lives at risk with his deployment of malware to critical infrastructure companies and that he attempted to infect victims’ systems with ransomware.
Cybercriminals are increasingly targeting businesses, not individuals, with ransomware attacks in the hopes of capturing a bigger payday.
Between early 2023 and mid-June 2024, ransomware inflows rose to a record-breaking $459.8 million, with the median ransom payment in these attacks leaping from about $200,000 to $1.5 million.
Businesses, particularly in sectors like healthcare, finance and critical infrastructure, possess vast amounts of sensitive data — the loss of which could have catastrophic consequences, PYMNTS reported in August.