US law enforcement has taken decisive action against BlackSuit, a ransomware group linked to more than $370 million in ransom demands since its emergence in 2022. The Justice Department announced the seizure of four servers, nine domains, and $1.09 million in cryptocurrency tied to the group.
The operation, carried out on July 24, involved a wide coalition of agencies, including Homeland Security Investigations, the Secret Service, IRS Criminal Investigation, and the FBI, as well as law enforcement from the UK, Germany, Ireland, France, Canada, Ukraine, and Lithuania.
From Royal Spinoff to a Major Ransomware Threat
Authorities say BlackSuit began as a spinoff of the Royal ransomware gang in 2023, inheriting many of its tactics and tools. It quickly gained a reputation for attacking critical U.S. infrastructure, with ransom demands typically ranging from $1 million to $10 million, and in some cases reaching $60 million.
The group's victims included healthcare providers, government facilities, manufacturing plants, and commercial operations. Attacks often locked organizations out of vital systems while threatening to leak sensitive stolen data via a darknet portal if payments were not made.
Millions Recovered from Ransom Payments
In one 2023 case, a victim paid 49.3 Bitcoin (about $1.44 million at the time) to regain control of its systems after a BlackSuit breach. A portion of that payment accounts for the $1.09 million seized in the latest operation, which followed months of investigation.
Since 2022, investigators estimate that over 450 known victims in the U.S. have been impacted by BlackSuit attacks.
U.S. Adopts a "Disruption-First" Approach to Ransomware
This seizure is part of the U.S. government's "disruption-first" strategy to dismantle ransomware operations. Earlier this year, the U.S., UK, and Australia jointly sanctioned Russian hosting provider Zservers for supporting the LockBit ransomware gang.
In a related case last month, the Justice Department moved to recover $2.3 million in Bitcoin from a Chaos ransomware group member after the FBIโs Dallas division seized 20 BTC tied to the gang.