Feds take down BlackSuit ransomware gang, seize $1M in crypto

Illustration: Sarah Grillo/Axios
Federal law enforcement took down servers and web domains and seized roughly $1 million worth of cryptocurrency tied to the BlackSuit ransomware gang, authorities announced Monday.
Why it matters: BlackSuit had quite the rap sheet, hitting more than 100 companies in the last year across industries including manufacturing, education, research, health care and construction.
Driving the news: The Department of Justice and Homeland Security announced the takedown this week amid weeks of speculation after the gang's data leak site went dark late last month.
- The U.S. worked with law enforcement partners in the U.K., Germany, Ireland, France, Canada, Ukraine and Lithuania.
The big picture: The Homeland Security Investigations division inside U.S. Immigration and Customs Enforcement estimates that BlackSuit had compromised more than 450 victims in the United States since 2022.
- Those estimates also include victims of the Royal ransomware gang, which ultimately rebranded as BlackSuit in 2024.
- Bitdefender, which worked with law enforcement on the takedown, estimates in a blog post that BlackSuit had more than 150 entries on its data leak site.
What they're saying: "This operation strikes a critical blow to BlackSuit's infrastructure and operations," William Mancino, a special agent in charge at the U.S. Secret Service, said in a statement.
Yes, but: A global law enforcement operation may not be the final nail in the coffin for BlackSuit, given that ransomware gangs often rebuild and rebrand after a major takeover.
Go deeper: How a ransomware attack works
