US Seizes $1M from BlackSuit Ransomware Gang

Summary

– The US Department of Justice disrupted the BlackSuit ransomware group by seizing four servers, nine domains, and $1.1M in stolen cryptocurrency.
– A secret seizure of funds preceded Operation Checkmate, a global effort involving agencies from the US, UK, Germany, and other countries.
– BlackSuit, a rebrand of the Royal ransomware group, has extorted over $500M since 2022, targeting critical sectors like healthcare and government.
– The group’s attack on Dallas in 2023 disrupted public services, including 911 dispatch systems.
– US authorities emphasized a “disruption-first” approach to combat ransomware threats and protect critical infrastructure.

U.S. authorities have struck a significant blow against the notorious BlackSuit ransomware gang, seizing over $1 million in stolen cryptocurrency and dismantling key infrastructure used in their cyberattacks. The Department of Justice announced the successful disruption of the group’s operations, marking a major victory in the ongoing battle against ransomware threats.

Four servers and nine domains linked to BlackSuit were taken offline as part of a coordinated international effort. Additionally, a previously sealed warrant revealed the recovery of approximately $1.1 million in cryptocurrency tied to a ransom payment made by one of the gang’s victims in April 2023. The payment, originally 43 Bitcoin (worth $1.4 million at the time), had been moved through a crypto exchange before being frozen earlier this year.

This seizure was part of Operation Checkmate, a broader initiative led by U.S. law enforcement to dismantle ransomware networks. The operation involved collaboration between multiple agencies, including the FBI, Homeland Security Investigations, the U.S. Secret Service, and international partners from the UK, Germany, France, and other countries. On July 24, 2025, authorities confiscated not only the group’s digital infrastructure but also undisclosed assets used to deploy ransomware and launder illicit profits.

“This operation demonstrates our aggressive approach to disrupting cybercriminals before they can inflict further harm,” said U.S. Attorney Erik Siebert. “We will continue to use every tool available to protect businesses, critical infrastructure, and individuals from these relentless threats.”

BlackSuit, which emerged as a rebrand of the Royal ransomware group in mid-2023, has been active since late 2022 and maintains connections to the defunct Conti cybercrime syndicate. According to a Cybersecurity and Infrastructure Security Agency (CISA) report, the group has demanded more than $500 million in ransom payments, though the actual amount collected remains unclear.

The gang has targeted critical sectors, including manufacturing, healthcare, and government facilities. One of its most disruptive attacks hit the City of Dallas in 2023, crippling public services and even affecting emergency response systems. The recent law enforcement action underscores the growing global effort to hold ransomware operators accountable and mitigate their widespread damage.

(Source: InfoSecurity Magazine)
