German prosecutors say a joint U.S.-European operation has seized infrastructure belonging to the BlackSuit ransomware gang, a notorious hacking group blamed for several major cyberattacks in recent years.
In a new statement this week, officials in Germany said they had seized the gang’s servers and systems as part of an operation on July 24. The officials said the operation had secured “considerable amounts of data” that will be used to help identify the individuals responsible for the attacks.
The officials said they switched off the servers, effectively cutting off the ransomware malware. The statement said BlackSuit had a total of 184 victims worldwide, of which several were in Germany.
At the time of publication, the BlackSuit’s leak site on the dark web, which it used to publish files and extort victims into paying a ransom, was no longer loading. It now displays a seizure notice saying the site was taken down by a “coordinated international law enforcement investigation.”
The operation went ahead with help from ICE’s Homeland Security Investigations unit and Europol, according to the German officials. Representatives for ICE did not return a request for comment.
U.S. authorities reportedly disclosed the seizure earlier in the week, per one report. It’s not immediately clear if any arrests were made.
BlackSuit has been one of the more prolific ransomware operations in recent years, targeting U.S. cities like Dallas, as well as organizations in the manufacturing, communications and healthcare industries.
In 2024, U.S. cybersecurity agency CISA warned that the gang was rebranding from Royal to BlackSuit. It’s not uncommon for ransomware gangs to spin off or merge with other groups to skirt government-imposed sanctions that make it more difficult to profit from cyberattacks.
Security researchers have since found that a new ransomware gang dubbed Chaos is likely made up of former members of the BlackSuit gang.
