ChainCatcher News: According to US and international law enforcement agencies, four servers, nine domain names, and approximately $1 million in Bitcoin have been seized. These assets are linked to a notorious Russian ransomware gang that is accused of attacking hundreds of institutions covering critical sectors.
The U.S. Department of Justice said the operation, conducted on July 24th by the United States and agencies from Canada, Germany, Ireland, France, the United Kingdom, Ukraine, Lithuania, and other countries, targeted infrastructure associated with the BlackSuit and Royal ransomware strains. Investigators believe the two ransomware variants were developed by the same cybercriminal group.
Authorities say the group has extorted more than $500 million in ransoms since 2022, with the largest single ransom reaching $60 million. During that time, they allegedly attacked more than 450 victims in the United States, including hospitals, schools, police departments, energy companies, and government agencies, raking in at least $370 million in illegal profits.
The seized cryptocurrency, valued at $1,091,453 at the time of seizure, originated from a digital wallet frozen by an exchange in January 2024. According to court documents, the funds comprised part of a $1.45 million Bitcoin ransom paid by a victim in April 2023.
Victims of BlackSuit and Royal are typically asked to pay a ransom in Bitcoin through dark web websites. Cybersecurity officials warn that operators of this type of malware often combine intimidation tactics with sophisticated data-stealing techniques, making it difficult to recover data without paying the ransom.
