The United States has seized servers, domains, and approximately $1 million in cryptocurrency assets from the BlackSuit ransomware group.

The Department of Justice announced on Monday that U.S. and international law enforcement agencies launched a joint operation against the BlackSuit ransomware group at the end of July.

A cryptocurrency seizure warrant executed during the operation covered assets worth slightly more than $1 million at the time of seizure.

"Dismantling ransomware infrastructure is not just about shutting down servers; it also involves dismantling the entire ecosystem that allows cybercrime to operate without consequences," added Michael Prado, Deputy Director of the Homeland Security Investigations Cyber Crime Center.

BlackSuit is a branch of the Royal ransomware group, active since 2023. The recent seizure accompanies other actions targeting ransomware groups, such as the July sanctions against the ransomware hosting provider Aeza Group.

The Department of Justice stated that the operation was led by the U.S. Department of Homeland Security's Homeland Security Investigations, with support from the Secret Service, IRS, FBI, and law enforcement from the UK, Germany, Ireland, France, Canada, Ukraine, and Lithuania.

Coordinated ransomware attacks

The Department of Justice stated that the ransomware group continues to attack various critical infrastructure sectors, including healthcare, government, manufacturing, and commercial facilities. Victims are often forced to pay ransoms in Bitcoin through dark web sites.

Since 2022, BlackSuit has breached over 450 known victims in the United States and received over $370 million in ransom payments.

The ransomware scheme uses double extortion tactics: encrypting victims' systems while threatening to leak stolen data to force payment.

"The BlackSuit ransomware group continues to target critical infrastructure in the United States, representing a serious threat to public safety," said National Security Assistant Attorney General John Eisenberg.

Bitcoin ransom was seized

In 2023, a victim paid 49.3 BTC, worth about $1.4 million, to decrypt their data.

Part of the ransom was repeatedly deposited and withdrawn through cryptocurrency exchange accounts until the exchange froze the funds in early 2024.

Ransoms typically range from $1 million to $10 million in BTC, with BlackSuit demanding as much as $60 million.