Overview
- On July 24, a U.S.-led task force joined counterparts from the UK, Germany, Ireland, France, Canada, Ukraine and Lithuania to seize four servers and nine domains that formed part of BlackSuit’s ransomware infrastructure.
- Investigators traced a 49.3120227 BTC ransom paid on April 4, 2023, to a cryptocurrency exchange, where $1.09 million of those funds was frozen on January 9, 2024, before a federal seizure warrant was unsealed on August 11.
- Homeland Security Investigations, the FBI, the Secret Service and IRS Criminal Investigation report that BlackSuit has extorted more than $370 million since 2022 from over 450 U.S. critical infrastructure victims in healthcare, manufacturing, government and public health.
- These disruption-first tactics built on Operation Checkmate’s takedown of the gang’s dark web extortion portal, which produced no public arrests despite extensive asset seizures.
- Cisco Talos and other security researchers warn that former BlackSuit operators may regroup under a new ransomware-as-a-service brand called Chaos, highlighting the limits of single-wave infrastructure seizures.