The US Department of Justice, in collaboration with multiple international law enforcement agencies, has taken significant action against the ransomware group BlackSuit. The operation, conducted in late July 2024, led to the seizure of servers, domain names, and approximately $1 million in cryptocurrency linked to the group. The Justice Department announced the takedown on Monday, highlighting the coordinated effort involving Homeland Security Investigations, the Secret Service, the IRS, the FBI, and law enforcement from the UK, Germany, Ireland, France, Canada, Ukraine, and Lithuania [1].
BlackSuit, which emerged as a spinoff of the Royal ransomware group in 2023, has been responsible for attacks on over 450 known victim organizations in the US. The group has collected more than $370 million in ransom payments since 2022, using double-extortion tactics that involve encrypting victims’ systems and threatening to leak sensitive data unless ransom demands are met. Ransom amounts typically ranged between $1 million and $10 million in Bitcoin, with the highest demand reaching $60 million, according to the Cybersecurity and Infrastructure Security Agency [1].
A notable case involved a victim who paid 49.3 BTC, worth approximately $1.4 million at the time, to recover their data. Part of this payment, later valued at around $1 million, was repeatedly moved in and out of a crypto exchange account before being frozen in early 2024. While the exchange was not disclosed, the Justice Department emphasized that the takedown was not only about seizing servers but also about dismantling the broader ecosystem enabling cybercriminal operations [1].
The operation adds to the US government’s broader efforts to combat ransomware, including the recent sanctioning of the ransomware hosting provider Aeza Group in July. The Justice Department continues to stress the seriousness of ransomware threats, particularly to critical infrastructure sectors such as healthcare, government, manufacturing, and commercial facilities.
Meanwhile, analysts from TRM Labs have reported on the emergence of a new ransomware group named Embargo, which may be linked to the BlackCat group through similar laundering tactics. As of the latest reports, approximately $18.8 million remains dormant in unattributed wallets [1].
Source: [1] US takes down sites, seizes $1M from crypto ransomware gang BlackSuit (https://cointelegraph.com/news/us-takes-down-sites-seizes-1m-crypto-ransomware-gang-blacksuit)