Law enforcement from eight countries took part in “Operation Checkmate” targeting the Royal and BlackSuit ransomware groups
The Delta Police Department’s Cybercrime Unit recently helped U.S. authorities and law enforcement from six other countries dismantle “critical infrastructure” used in ransomware attacks on essential services around the world.
Earlier this month, the United States Department of Justice announced co-ordinated actions against the BlackSuit ransomware group — a “major cybercriminal operation” and successor to (or rebrand of) the Royal ransomware group.
Those actions included the takedown of four servers and nine domains on July 24 and the seizure of virtual currency then valued at US$1,091,453, as well as other digital assets used to deploy ransomware, extort victims and launder the proceeds.
“Disrupting ransomware infrastructure is not only about taking down servers — it’s about dismantling the entire ecosystem that enables cybercriminals to operate with impunity,” Michael Prado, deputy assistant director of Homeland Security Investigations’ Cyber Crimes Center, said in a press release.
“This operation is the result of tireless international co-ordination and shows our collective resolve to hold ransomware actors accountable.”
The co-ordinated takedown was conducted as part of Operation Checkmate, an initiative of Europol’s Joint Cyber Action Task Force specifically targeting the Royal and BlackSuit ransomware groups.
Numerous American law enforcement agencies took part in the operation, including United States Immigration and Customs Enforcement’s Homeland Security Investigations (both under the Department of Homeland Security), the U.S. Secret Service, Internal Revenue Service’s Criminal Investigation division, and the Federal Bureau of Investigation.
Operation Checkmate also involved the Royal Canadian Mounted Police and Delta Police Department, working with the United Kingdom’s National Crime Agency and Northwest Regional Organized Crime Unit, Germany’s Landeskriminalamt Niedersachsen, Ireland’s An Garda Síochána-Garda National Cyber Crime Bureau, Ukraine’s National Police of Ukraine Cyberpolice Department, Lithuania’s Criminal Police Bureau, and France’s Office Anti-Cybercriminalité.
“This operation strikes a critical blow to BlackSuit’s infrastructure and operations,” Special Agent in Charge William Mancino of the U.S. Secret Service’s Criminal Investigative Division said in a press release.
“The U.S. Secret Service is committed to working alongside our law enforcement partners to dismantle criminal enterprises and prevent the deployment of malicious ransomware that victimizes businesses and organizations.”
Since 2022, the Royal and BlackSuit ransomware groups have compromised over 450 known victims in the United States, including entities in the health care, education, public safety, energy and government sectors, according to Immigration and Customs Enforcement.
Combined, the groups have received more than US$370 million in ransom payments, based on present-day valuations of cryptocurrency.
The ransomware schemes used “double-extortion” tactics, encrypting victims’ systems while threatening to leak stolen data to further coerce payment. Victims are typically required to pay ransoms in Bitcoin by accessing a “darknet” website.
The U.S. Cybersecurity and Infrastructure Security Agency says BlackSuit/Royal ransom demands typically range from around US$1 million to US$10 million.
In all, BlackSuit/Royal actors have demanded over US$500 million, with the largest individual ransom demand being US$60 million.
According to the Justice Department, on or about April 4, 2023, a victim paid a ransom of 49.3120227 Bitcoin (worth US$1,445,454.86 at the time) to decrypt their data.
A portion of those proceeds (the seized US$1,091,453) was repeatedly deposited into and withdrawn from a virtual currency exchange account, until the funds were frozen by that exchange around Jan. 9, 2024.
In a post to the department’s Facebook page, Delta Police said it is “proud of the work conducted by our Cybercrime Unit, in tandem with the RCMP and numerous international law enforcement agencies, to support the coordinated disruption of the BlackSuit (Royal) Ransomware group.
“This joint operation demonstrates the strength of collaboration in protecting communities from cybercrime.”