
tl;dr
The US government, in a coordinated international effort, seized servers, domain names, and roughly $1 million in cryptocurrency from the ransomware group BlackSuit, a spinoff of the Royal ransomware gang active since 2023. BlackSuit targeted critical infrastructure sectors, extorting over $370 mill...
The US government has seized servers, domain names, and approximately $1 million in cryptocurrency from the ransomware group BlackSuit. The operation was a coordinated effort by multiple US and international law enforcement agencies in late July, and the seizure warrant for the crypto assets, valued at just over $1 million at the time, was subsequently unsealed. Michael Prado, deputy assistant director at the Homeland Security Investigations Cyber Crimes Center, emphasized that dismantling ransomware involves more than taking down servers; it requires disrupting the entire cybercriminal ecosystem that supports the operators.
BlackSuit, a spinoff of the Royal ransomware gang, has been active under that name since at least 2023. The seizure coincides with other US measures against ransomware, such as the sanctioning of the Aeza Group, a bulletproof hosting provider whose infrastructure was used by ransomware operators. The takedown was led by the Department of Homeland Security's Homeland Security Investigations, with support from the Secret Service, the IRS, the FBI, and law enforcement agencies in the UK, Germany, Ireland, France, Canada, Ukraine, and Lithuania.
The Justice Department reported that BlackSuit routinely targeted critical infrastructure sectors including healthcare, government, manufacturing, and commercial facilities. Victims were typically directed to darknet websites and coerced into paying ransoms in Bitcoin, with demands ranging from $1 million to $10 million. Since 2022, the operation, counting its Royal predecessor, has compromised more than 450 victims in the US and extorted more than $370 million in ransom payments. The group relied on double extortion: encrypting victims' systems while also threatening to leak stolen data in order to pressure payment.
Assistant Attorney General for National Security John Eisenberg highlighted the serious public safety threat posed by BlackSuit's persistent attacks on US infrastructure. In one 2023 incident, a victim paid 49.3 BTC, valued at roughly $1.4 million at the time, to regain access to its data. A $1 million portion of that ransom was moved repeatedly through an unnamed cryptocurrency exchange until the funds were frozen in early 2024. The Cybersecurity and Infrastructure Security Agency disclosed that BlackSuit's largest single ransom demand reached $60 million.
Ransomware successors continue to emerge. In July, the FBI seized 20 BTC, worth about $2.4 million, from a prominent member of the Chaos ransomware group. Additionally, TRM Labs analysts recently identified a new ransomware group called Embargo, possibly a successor to BlackCat, which launders proceeds through crypto accounts. About $18.8 million in dormant funds remain in unattributed wallets, illustrating ongoing challenges in combating crypto-based cybercrime.