Operation Checkmate Disrupts BlackSuit Ransomware Infrastructure as Chaos Brand Surfaces
The operation follows investigations into ransomware campaigns that extorted over $370 million from 450 US entities across critical sectors.
Overview
- In July, a joint international takedown codenamed Operation Checkmate seized BlackSuit’s servers, domains and dark-web extortion sites, replacing leak pages with seizure banners.
- Homeland Security Investigations attributed more than $370 million in ransom payments to Royal and BlackSuit, which have compromised over 450 US victims since 2022.
- The syndicate employed double-extortion tactics by encrypting systems and threatening to publish stolen data to coerce payments.
- A successor to the Conti cybercrime group, the ransomware operation debuted as Quantum in January 2022 before rebranding as Royal in September 2022 and BlackSuit in June 2023.
- Cisco Talos researchers assess with moderate confidence that former affiliates are resurfacing under a new Chaos ransomware brand, indicating ongoing threat potential.