PWC, a reputable consulting firm with a global presence, has unearthed that BTC-e’s successor, WEX, was used to launder the illicit proceeds from the SamSam ransomware.

The consulting firm has indicated that Iranians who are behind the SamSam ransomware have links with the WEX cryptocurrency exchange. Details provided by PWC indicate that the connections helped them to easily move the illicit ransomware funds.

In November last year, the United States Department of Justice charged the Iranians, Mohammad Medhi Shah Mansouri and Faramarz Shashi Savandi, for their direct development and control of the SamSam ransomware.

They used the ransomware to hold public institutions including health centers hostage until they paid a specified amount in crypto. In the process, according to documents filed in court, the Iranians made away with more than 6 million U.S dollars while institutions held hostage were left recovering from losses amounting to more than 30 million U.S dollars.

Activities involving the SamSam ransomware saw Ali Khorashsdizadeh and Mohammad Ghorbaniyan who are also of Iranian origin, attract the attention of the Office of Foreign Assets Control which is under the United States Treasury Department.

The two were then accused of helping the original developers of the SamSam ransomware to launder their ill-gotten wealth.

Ali and Mohammad are linked to two other exchanges, Enexchanger and Iranvisacart, which support payments through WEX.

According to PWC:

The listed currency trading pairs [on Enexchanger] include various cryptocurrencies ad other digital currencies including WebMoney and Perfect Money. One of the cryptocurrency swaps offered is WEX-code to USD, which is a code that allows transferring of funds directly from WEX users.

Do you think the operators of the SamSam ransomware preferred using lesser known crypto exchanges since they lack comprehensive AML solutions?

Let us know your thoughts in the comments section below.