TLDR
- US and international law enforcement seized servers, domains, and over $1 million in cryptocurrency from the BlackSuit ransomware group.
- The BlackSuit gang has compromised over 450 known US victims and received more than $370 million in ransom payments.
- BlackSuit ransomware attacks have targeted critical infrastructure sectors, including healthcare.
- The seizure is part of an ongoing effort to disrupt ransomware operations worldwide.
In a coordinated effort involving US and international law enforcement agencies, over $1 million in crypto assets was seized from the BlackSuit ransomware group. The operation, carried out in late July, was a significant step in disrupting the group’s criminal activities. BlackSuit, which emerged as a spinoff from the Royal ransomware gang, has been actively targeting organizations since at least 2023.
The seizure included the confiscation of servers, domain names, and cryptocurrency valued at over $1 million. This latest action forms part of a broader crackdown on ransomware groups that have been exploiting crypto to facilitate extortion.
BlackSuit Ransomware Attacks on Critical Infrastructure
The BlackSuit ransomware group has been involved in a series of high-profile attacks on critical infrastructure sectors. These include healthcare facilities, government organizations, manufacturing plants, and commercial enterprises. The group uses a combination of double-extortion tactics, encrypting victims’ data and threatening to leak sensitive information unless a ransom is paid, usually in Bitcoin.
Since 2022, BlackSuit has targeted over 450 known victims in the US, amassing more than $370 million in ransom payments.
This highlights the scale and financial impact of the group’s operations, which have been ongoing for nearly two years. The US Department of Justice (DOJ) describes the group’s continued targeting of US critical infrastructure as a significant threat to public safety.
International Collaboration to Tackle Ransomware
The disruption of BlackSuit involved collaboration between multiple law enforcement agencies, including the US Department of Homeland Security (DHS), the Secret Service, the FBI, and the IRS. The operation also received assistance from law enforcement agencies in the UK, Germany, France, Canada, Lithuania, and Ukraine.
Michael Prado, Deputy Assistant Director at the Homeland Security Investigations Cyber Crimes Center, emphasized that disrupting ransomware infrastructure is critical not just for seizing funds but for dismantling the entire ecosystem supporting these cybercriminals.
The international scope of this operation underscores the global nature of ransomware threats and the need for cross-border cooperation.
Crypto Seized from BlackSuit’s Ransom Payments
Among the assets seized, a portion of the ransom payments made to BlackSuit had been traced and frozen by a crypto exchange in early 2024.
One ransom payment in particular, worth 49.3 BTC (approximately $1.4 million at the time), was traced and included in the more than $1 million seized by authorities. The funds had been moved in and out of the exchange several times before the exchange froze them.
Ransom demands from BlackSuit typically range from $1 million to $10 million, with their highest recorded ransom demand reaching $60 million. These figures demonstrate the lucrative nature of ransomware operations that continue to exploit crypto markets to facilitate illegal activities.