The U.S. Justice Department said Monday it has taken down parts of the BlackSuit ransomware network in a coordinated operation with international partners, seizing four servers, nine domains, and more than $1 million in cryptocurrency linked to the group’s extortion schemes.
The July 24 action involved the Department of Homeland Security’s Homeland Security Investigations, the U.S. Secret Service, IRS Criminal Investigation, the FBI, and law enforcement from the U.K., Germany, Ireland, France, Canada, Ukraine, and Lithuania. Prosecutors also unsealed a warrant to seize $1,091,453 in virtual currency, a step jointly announced by the U.S. Attorney’s Offices for the Eastern District of Virginia and the District of Columbia.
BlackSuit, also known as Royal, has targeted critical infrastructure sectors including manufacturing, government facilities, healthcare, and commercial operations. The FBI and the Cybersecurity and Infrastructure Security Agency say the group typically demands ransoms in Bitcoin via darknet portals. The BlackSuit ransomware operation emerged in early April/May of 2023. The group is a multi-pronged extortion outfit: it encrypts and exfiltrates victim data and hosts public data leak sites for victims who fail to comply with its demands.
One victim paid 49.31 Bitcoin ($1.45 million at the time) in April 2023. Prosecutors said $1.09 million of that was laundered through a virtual currency exchange until the funds were frozen in January.
Officials described the takedown as part of a “disruption-first” strategy aimed at dismantling ransomware infrastructure before further attacks occur. “This operation strikes a critical blow to BlackSuit’s infrastructure and operations,” said William Mancino, Special Agent in Charge of the U.S. Secret Service’s Criminal Investigative Division.
The case remains under investigation, with cooperation from agencies across Europe and North America. The seizure adds to a series of international law enforcement actions in recent years aimed at disrupting ransomware groups that have extracted hundreds of millions of dollars from victims globally.