TLDR:
- US-led raid dismantled four BlackSuit ransomware servers, nine domains, and seized over $1M in stolen crypto.
- BlackSuit ransomware targeted US critical infrastructure, including healthcare, manufacturing, and government facilities.
- The operation involved US agencies and law enforcement from eight other countries.
- Seized funds were linked to a 2023 ransom payment worth over $1.4M at the time.
It was a coordinated hit. US authorities and global partners moved in on the BlackSuit ransomware group, knocking their servers offline and freezing stolen funds.
The action wasn’t small either: four servers, nine domains, and over a million dollars in crypto are now in government hands.
The group, also known as Royal, has been on law enforcement’s radar for years. Their victims weren’t just private companies but also critical infrastructure sectors that can’t afford downtime.
Crackdown on the BlackSuit Ransomware Network
The US Justice Department confirmed the operation in a statement released August 11, 2025. It detailed how the takedown went down on July 24.
Multiple agencies were involved, including Homeland Security Investigations, the FBI, the Secret Service, and IRS Criminal Investigation. This wasn’t just a US show of force. Partners from the UK, Germany, Ireland, France, Canada, Ukraine, and Lithuania joined in.
Investigators seized four servers and nine domains tied to BlackSuit’s ransomware operations. These assets were used to deploy ransomware, extort victims, and launder crypto proceeds. About $1,091,453 in virtual currency was also recovered. The funds had been frozen earlier by a crypto exchange after suspicious activity flagged the account.
The group’s operations followed a familiar but dangerous pattern. They encrypted critical systems and demanded ransom in Bitcoin through darknet portals. One 2023 payment of roughly 49.31 BTC was worth over $1.4 million at the time.
US authorities say the case is still active. Evidence continues to be analyzed with the goal of further arrests and seizures.
How BlackSuit Targeted US Critical Infrastructure
According to a previous FBI and CISA cybersecurity advisory, BlackSuit has been active across several key sectors. These include healthcare, manufacturing, public health, and government facilities. Their tactics involve exploiting vulnerabilities, stealing data, and then threatening to leak it unless ransoms are paid.
The US Justice Department says such operations are a clear risk to public safety. Disruptions in healthcare or manufacturing can cause real-world harm beyond financial loss. That’s why this takedown was prioritized.
Officials also noted that ransomware operations rely on an entire ecosystem. Beyond the core attackers, there are hosting providers, money launderers, and even contractors who write the malicious code. By seizing the servers and domains, authorities aim to choke off that ecosystem.
The seized crypto wasn’t just sitting idle. Transactions showed repeated deposits and withdrawals intended to hide its origin. IRS Criminal Investigation’s cyber unit played a major role in tracking these movements until the exchange froze the funds.
A Global Effort to Disrupt Cybercrime
US law enforcement emphasized that this kind of takedown can’t happen without international cooperation. Cybercriminals often operate across borders, making unilateral action difficult. The July 24 operation required coordination across nine countries and several specialized cybercrime units.
Officials say more actions against ransomware gangs are planned. While some infrastructure has been dismantled, the people behind BlackSuit are still out there. Tracking them down will be the next step.
For now, the operation sends a clear message. Law enforcement can hit ransomware operators where it hurts, in their wallets and in their ability to operate. And with $1 million in seized crypto, BlackSuit has learned that lesson the hard way.
The post BlackSuit Ransomware Hit by US Crackdown, Servers Down, $1M in Crypto Seized appeared first on Blockonomi.
This article is written by: Nermeen Nabil Khear Abdelmalak