US Confirms Takedown of BlackSuit Ransomware Behind 450+ Hacks

Federal law enforcement agencies have successfully dismantled the critical infrastructure of BlackSuit ransomware, a sophisticated cybercriminal operation that has compromised over 450 victims across the United States since 2022 and collected more than $370 million in ransom payments.

Major International Operation Targets Cyber Criminal Network

ICE’s Homeland Security Investigations (HSI) led the coordinated takedown in partnership with U.S. and international law enforcement agencies, seizing servers, domains, and digital assets used by the ransomware group.

BlackSuit, identified as the successor to the notorious Royal ransomware, has specifically targeted essential services including healthcare systems, educational institutions, public safety organizations, energy infrastructure, and government agencies.

“Disrupting ransomware infrastructure is not only about taking down servers — it’s about dismantling the entire ecosystem that enables cybercriminals to operate with impunity,” said HSI Cyber Crimes Center Deputy Assistant Director Michael Prado.

The operation demonstrates unprecedented international coordination in combating cybercrime.

The ransomware groups employed sophisticated double-extortion tactics, encrypting victims’ computer systems while simultaneously threatening to leak stolen sensitive data to coerce payment.

This approach has proven particularly devastating for critical infrastructure sectors where operational disruption can have life-threatening consequences.

“The BlackSuit ransomware gang’s persistent targeting of U.S. critical infrastructure represents a serious threat to U.S. public safety,” stated Assistant Attorney General for National Security John A. Eisenberg, emphasizing the national security implications of these attacks.

The investigation revealed that combined Royal and BlackSuit operations have extracted over $370 million in cryptocurrency payments from victims, based on current valuations.

These funds were systematically laundered through complex digital asset schemes designed to obscure the criminal proceeds.

The takedown involved extensive collaboration between multiple federal agencies, including HSI, the FBI, U.S. Secret Service, and IRS Criminal Investigation.

International partners from the United Kingdom, Germany, Ireland, Ukraine, Lithuania, France, and Canada contributed to the operation under Europol’s Operation Checkmate initiative.

“This operation strikes a critical blow to BlackSuit’s infrastructure and operations,” said U.S. Secret Service Criminal Investigative Division Special Agent in Charge William Mancino, highlighting the collaborative approach to dismantling criminal enterprises.

The U.S. Attorney’s Office for the Eastern District of Virginia is prosecuting the case, working with international partners to pursue legal accountability for those involved in both Royal and BlackSuit campaigns.

The operation represents a significant victory in the ongoing battle against ransomware threats targeting American businesses and critical infrastructure, demonstrating law enforcement’s evolving capabilities in cyber warfare.
