U.S. Immigration Disrupts BlackSuit Ransomware Group


The ransomware schemes used double-extortion tactics.

The U.S. Immigration and Customs Enforcement (ICE) agency claims to have dismantled the BlackSuit ransomware gang.

According to a statement, the operation resulted in the seizure of servers, domains and digital assets used to deploy ransomware, extort victims, and launder proceeds. Since 2022, the Royal and BlackSuit ransomware groups have compromised over 450 known victims in the United States, including entities in the healthcare, education, public safety, energy and government sectors.

Combined, the groups have received more than $370 million in ransom payments, based on present-day valuations of cryptocurrency. In particular, the ransomware schemes used double-extortion tactics – encrypting victims’ systems while threatening to leak stolen data to further coerce payment.

The case is being prosecuted by the U.S. Attorney’s Office for the Eastern District of Virginia, which continues to collaborate with international partners to pursue legal accountability for those involved in the Royal and BlackSuit campaigns.

“This investigation reflects the full reach of HSI’s cyber mission and our commitment to protecting victims – whether they’re small businesses, school systems, or hospitals,” said HSI Washington, D.C. acting Special Agent in Charge Christopher Heck.

“We will continue to target the infrastructure, finances and operators behind these ransomware groups to ensure they have nowhere left to hide.”

“Disrupting ransomware infrastructure is not only about taking down servers — it’s about dismantling the entire ecosystem that enables cybercriminals to operate with impunity,” HSI Cyber Crimes Center Deputy Assistant Director Michael Prado told SC US. “This operation is the result of tireless international coordination and shows our collective resolve to hold ransomware actors accountable.”

Craig Jones, chief security officer at Ontinue, told SC US that while this takedown is a win for defenders, it’s not a knockout. Without arrests, the operators behind BlackSuit still have the skills, infrastructure know-how, and hundreds of millions in funding to restart operations under a new name, he claimed.

“We’ve seen this cycle play out with other ransomware crews, and disruption without accountability usually only buys time,” said Jones. “The coordinated international effort is encouraging, but lasting impact will require hitting the human element, not just the servers.”


Written by

Dan Raywood

Senior Editor
SC Media UK

Dan Raywood is a B2B journalist with 25 years of experience, including covering cybersecurity for the past 17 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.

He has spoken at events including 44CON, Infosecurity Europe, RANT Forum, BSides Scotland, Steelcon and the National Cyber Security Show.

Outside work, Dan supports Tottenham Hotspur, manages mischievous cats, and samples the finest craft beers.
