BlackSuit Ransom Gang Taken Down
Over $370 million worth of crypto-currency assets stolen by or on behalf of the notorious Russian-linked BlackSuit ransomware gang, earlier known as Royal, were seized ahead of a multi-national takedown operation led by US law enforcement.
The BlackSuit group shut down the city of Dallas and successfully attacked more than 450 entities in the US since emerging in 2022. Now, the ransomware gang’s darknet extortion sites have been seized in an operation involving police from more than nine countries including Germany, France and the United Kingdom.
A splash page replaced the gang’s list of victims on its main TOR domain as well as its private negotiation pages, stating these sites were “seized by US Homeland Security Investigations (HSI)” as part of a coordinated international operation. The US Justice Department has confirmed the disruption and website seizure, but kept the warrant for the action sealed.
The statements are the first recognition from US agencies of the operation. German officials confirmed the operation last week, noting that they confiscated technical infrastructure used by the group. “Substantial amounts of data were secured, which are now being analyzed to investigate and identify other perpetrators,” German law enforcement sources said.
The FBI said in 2024 that the group demanded more than $500 million in ransoms and, after the rebrand, continued to issue exorbitant ransom demands, some of which reached as high as $60 million.
BlackSuit also took responsibility for dozens of attacks on US schools, colleges, companies and local governments, as well as on the Japanese media giant Kadokawa and Tampa Bay Zoo. In April 2024, the gang claimed responsibility for an attack against the blood plasma collection organisation Octapharma, which the American Hospital Association said “resulted in the temporary closure of almost 200 blood plasma collection centers” across the country.
US Secret Service Criminal Investigative Division Special Agent in Charge William Mancino said the takedown was a “critical blow to BlackSuit’s infrastructure and operations.”
This takedown was part of Operation Checkmate, a Europol-led initiative targeting the Royal and BlackSuit ransomware operations. Cyber security firm Bitdefender assisted the agencies in the operation and said it was “another important milestone in the fight against organised cybercrime.”
Following these events, it is understood that BlackSuit has already pivoted to forming a new ransomware operation called Chaos.
The DOJ recently said that it seized $2.4 million worth of crypto-currency from a crypto-currency address allegedly associated with a member of the Chaos ransomware group known as “Hors”, who it said has been tied to ransomware attacks against victims located in Texas and elsewhere.
The Record | SC Media | Sunday World | Presse Portal | American Hospital Association | ICE
US Dept of Justice | Computer Weekly | Mondaq