The US dismantles the BlackSuit ransomware network, seizing $1 million in crypto assets.

The US Department of Justice announced that, together with multiple international law enforcement agencies, it has shut down the websites and servers of the well-known ransomware organization BlackSuit and seized approximately $1 million in crypto assets. The action is seen as a significant blow to transnational cybercrime groups and highlights the global zero-tolerance stance against crypto extortion.

Cross-border operation targets BlackSuit

The U.S. Department of Justice stated that this operation began at the end of July, led by the U.S. Department of Homeland Security's Homeland Security Investigations, with assistance from the Secret Service, the Internal Revenue Service, the Federal Bureau of Investigation (FBI), as well as law enforcement agencies from countries such as the United Kingdom, Germany, France, Canada, Ireland, Ukraine, and Lithuania.

Action results: Shutdown of BlackSuit website and servers

Asset seizure: freezing and confiscating crypto assets worth 1 million US dollars.

Target organization: BlackSuit is a derivative group of the Royal ransomware, active since 2023.

Attacks on critical infrastructure have accumulated over 370 million USD in ransom

The Department of Justice pointed out that BlackSuit has been targeting critical infrastructure such as healthcare, government, manufacturing, and commercial facilities for a long time, demanding that victims pay ransoms in Bitcoin.

Known victims: Over 450 since 2022

Total Ransom: Over 370 million USD

Ransomware tactics: Double extortion (system encryption + threat of data leakage)

Bitcoin ransom flow exposed

In 2023, a victim paid 49.3 bitcoins (worth approximately 1.4 million USD at the time) to unlock data; the 1 million USD seized in this operation is part of that payment.

The investigation shows that the funds were moved in and out of an account at a crypto asset exchange multiple times until they were frozen in early 2024. The name of the exchange has not been disclosed.

According to the U.S. Cybersecurity and Infrastructure Security Agency (CISA), BlackSuit's ransom demands typically range from 1 million to 10 million dollars, with a maximum reaching 60 million dollars.

Ransomware ecosystem continues to evolve

The dismantling of BlackSuit does not mean the end of the threat. Recently, the United States also sanctioned another ransomware hosting service, Aeza Group, and seized 20 bitcoins (approximately 2.4 million USD) from members of the Chaos ransomware organization.

At the same time, security company TRM Labs warned that an emerging ransomware organization named Embargo is replacing BlackCat and is concealing funds through crypto asset wallets, with approximately $18.8 million still untracked.

Conclusion

The United States, in conjunction with multiple international law enforcement agencies, has shut down the BlackSuit ransomware website and seized $1 million in crypto assets, causing a significant impact on the global cybercrime ecosystem. However, as new ransomware groups continue to emerge, cybersecurity threats keep evolving. Investors and businesses should continue to strengthen their cybersecurity measures and closely monitor international law enforcement developments. For more on crypto security and market analysis, please follow the official Gate platform.
