The U.S. government and seven international partners have seized the computer servers of the BlackSuit ransomware group and more than $1 million in cryptocurrency that it laundered, the Justice Department said on Monday.
The FBI, the Secret Service, U.S. Immigration and Customs Enforcement’s Homeland Security Investigations and the IRS’s Criminal Division worked with authorities in Canada, France, Germany, Ireland, Lithuania, the U.K. and Ukraine to take down four of BlackSuit’s servers and take over nine of its web domains.
BlackSuit, also known as Royal, has been among the most prolific threat actors in recent years. The group has targeted at least 450 organizations since 2022 and collected more than $370 million in ransom payments, according to ICE. The group has engaged in sophisticated data-exfiltration and extortion operations, often using phishing attacks to gain initial access to its targets.
As previously reported, the group was linked to attacks against the city of Dallas and many users of a vulnerable Citrix product. It also launched ransomware attacks on healthcare facilities and manufacturing firms, according to CISA.
Erik Siebert, the U.S. attorney for the Eastern District of Virginia, said the coordinated takedown of BlackSuit’s infrastructure “exemplifies the forward-leaning, disruption-first approach we are taking to address this threat.” He added, “When it comes to protecting U.S. businesses, critical infrastructure, and other victims from ransomware and other cyberthreat actors, we will pull no punches.”
