
BlackSuit Ransomware’s Dark Web Sites Shut Down by Authorities

Summary

– BlackSuit’s dark web site was seized by U.S. Homeland Security Investigations in a coordinated international operation involving agencies from nine countries.
– BlackSuit, a ransomware group active since May 2023, is linked to 184 victims and believed to be a rebrand of the Royal ransomware gang, which originated from the Conti group.
– The group has executed high-profile attacks, including disruptions at Octapharma Plasma and CDK Global, causing estimated losses of $1bn.
– BlackSuit employs double extortion tactics, with ransom demands ranging from $1m to $60m, totaling over $500m in two years.
– Despite the takedown, BlackSuit members may have rebranded as the new Chaos ransomware group, as suggested by similarities in attack methods.

Authorities have successfully dismantled the dark web infrastructure of the notorious BlackSuit ransomware group in a coordinated international crackdown. Visitors attempting to access the group’s primary site over the Tor network were met with a seizure notice from U.S. Homeland Security Investigations, signaling a major victory for global law enforcement.

The takedown, part of Operation Checkmate, involved agencies from nine countries, including the U.S., UK, Ukraine, and Latvia, alongside Europol and cybersecurity firm Bitdefender. While no official statements have been released, the banner confirms participation from the U.S. Department of Justice and 16 other law enforcement bodies.

BlackSuit first surfaced in May 2023, allegedly as a rebrand of the Royal ransomware gang, itself an offshoot of the infamous Conti group. With 184 claimed victims, the group quickly gained notoriety for high-profile attacks, including disruptions at Octapharma Plasma’s blood donation centers and a crippling strike on CDK Global, which serves 15,000 car dealerships and caused an estimated $1 billion in damages.

Unlike many ransomware operations, BlackSuit did not follow the ransomware-as-a-service (RaaS) model, instead keeping its tools exclusive to members. Its tactics included double extortion: encrypting data while threatening to leak it publicly unless ransoms, often between $1 million and $10 million in Bitcoin, were paid. The highest recorded demand reached a staggering $60 million.

Despite the infrastructure takedown, experts warn the group’s members remain at large. Cisco Talos recently linked BlackSuit to the emerging Chaos ransomware, citing identical attack methods, ransom note formats, and tool usage. This suggests the group may have simply rebranded, a common tactic among cybercriminals evading law enforcement.

The operation’s scale highlights the growing collaboration between global agencies to combat ransomware threats. However, with no arrests confirmed, the fight against these evolving cyber threats is far from over.

(Source: InfoSecurity Magazine)
