- US law enforcement claims BlackSuit is completely dismantled
- The agencies seized servers, domains and digital assets
- Since 2022, the group hit 450 companies and stole millions of dollars
BlackSuit, a ransomware group and a successor to the Royal gang, managed to compromise 450 organizations in the United States and steal $370 million in ransom payments, before being dismantled by US law enforcement agents, the US Department of Homeland Security (DHS) has said.
A press release published on the US Immigration and Customs Enforcements (ICE) website, said ICE’s Homeland Security Investigations (its main investigative arm), in coordination with both US and international law enforcement agents, “successfully dismantled critical infrastructure used by BlackSuit ransomware”.
“The operation resulted in the seizures of servers, domains and digital assets used to deploy ransomware, extort victims, and launder proceeds,” it was said.
No arrests
The announcement said that since 2022, Royal and BlackSuit ransomware groups have compromised more than 450 known victims in the United States, including healthcare, education, public safety, energy, and government sector organizations.
These attacks brought them more than $370 in cryptocurrency, based on today’s prices.
Unfortunately, no one was arrested, and if history taught us anything – these threat actors will be back sooner rather than later.
While disrupting the infrastructure is a commendable move and will certainly make things difficult for the threat actors in the short-term, they will have no issues reestablishing the hardware, especially with $370 million in their pocket.
Previously, the FBI, US Homeland Security, the US Department of Justice (DoJ), and other partners, defaced BlackSuit’s main website, as well as extortion and data leak sites, in a sting called “Operation Checkmate”.
A US Department of Health and Human Services report published in late November 2023 said BlackSuit was first spotted in May that year, showing “striking parallels with Royal, the direct successor of the former notorious Russian-linked Conti operation”.
“This operation strikes a critical blow to BlackSuit’s infrastructure and operations,” said US Secret Service Criminal Investigative Division Special Agent in Charge William Mancino.
“The US Secret Service is committed to working alongside our law enforcement partners to dismantle criminal enterprises and prevent the deployment of malicious ransomware that victimizes businesses and organizations.”
Via BleepingComputer
