US takes down sites, seizes $1M from crypto ransomware gang BlackSuit
The US has seized servers, domain names, and around $1 million in crypto assets from the ransomware group BlackSuit.
The Justice Department said on Monday that multiple US and international law enforcement agencies conducted an operation against the BlackSuit ransomware group in late July.
The operation included the unsealing of a warrant for the seizure of cryptocurrency valued at just over $1 million at the time of the seizure, it reported.
“Disrupting ransomware infrastructure is not only about taking down servers, it’s about dismantling the entire ecosystem that enables cybercriminals to operate with impunity,” added Michael Prado, Deputy Assistant Director at the Homeland Security Investigations Cyber Crimes Center.
BlackSuit is a spinoff of the Royal ransomware gang and has operated since at least 2023, with the latest seizure coming amid other actions the US has taken against ransomware groups, such as sanctioning the ransomware hosting provider Aeza Group in July.
The Justice Department said the takedown was led by the US Department of Homeland Security’s Homeland Security Investigations with help from the Secret Service, the IRS and the FBI, along with law enforcement from the UK, Germany, Ireland, France, Canada, Ukraine, and Lithuania.
Coordinated ransomware attacks
The Justice Department said the ransomware group persistently targeted critical infrastructure across sectors, including healthcare, government facilities, manufacturing, and commercial facilities. Victims are typically forced to pay ransoms in Bitcoin (BTC) through darknet websites.
Since 2022, BlackSuit has compromised over 450 known victims in the US and has received more than $370 million in ransom payments, it added.
The ransomware schemes used double-extortion tactics such as encrypting victims’ systems while threatening to leak stolen data to further coerce payment, the DOJ stated.
Sample of BlackSuit ransom demand. Source: SentinelOne
“The BlackSuit ransomware gang’s persistent targeting of US critical infrastructure represents a serious threat to US public safety,” said Assistant Attorney General for National Security John Eisenberg.
Bitcoin ransom seized
In 2023, a victim paid a ransom of 49.3 BTC, worth around $1.4 million at the time, to decrypt their data.
A portion of the ransom payment, the seized $1 million, was repeatedly deposited and withdrawn from a crypto exchange account until the funds were frozen by the exchange in early 2024, it reported, though it did not name the exchange.
Ransom demands have typically ranged from approximately $1 million to $10 million in BTC, and the largest ransom demanded by BlackSuit actors was $60 million, according to the Cybersecurity and Infrastructure Security Agency.
Crypto ransomware successors crop up
In July, the Dallas, Texas, FBI announced the seizure of 20 BTC valued at around $2.4 million from a cryptocurrency address belonging to a prominent member of the Chaos ransomware group.
Last week, analysts at TRM Labs investigated how a new ransomware group called Embargo may have emerged as a successor operation to BlackCat, which launders proceeds through crypto accounts. Approximately $18.8 million worth remains dormant in unattributed wallets, it revealed.