Overview
- Investigators from LKA Niedersachsen and Staatsanwaltschaft Verden worked with U.S. Homeland Security and Europol to identify and seize the group’s servers at the end of July.
- Shutting down the servers halted the group’s communication networks, malware distribution and public-facing platforms.
- Blacksuit/Royal employed a double-extortion scheme by encrypting victims’ data, stealing copies and threatening publication or sale to force ransom payments.
- Authorities secured extensive volumes of data during the operation for forensic analysis to identify and prosecute those responsible.
- A press conference in Hanover at 12:30 p.m. today will unveil further details on the evidence and next steps in the investigation.