US government seized $1M from Russian ransomware gang

The U.S. Department of Justice announced on Monday that it has seized the servers and $1 million in bitcoin from the prolific Russian ransomware gang behind the BlackSuit and Royal malware. According to the press release, a coalition of global law enforcement agencies, including agencies from the U.S., Canada, Germany, Ireland, France, and the U.K., seized four servers and nine domains on July 24. Authorities also confiscated approximately $1 million in cryptocurrency.

BlackSuit and Royal are two distinct types of ransomware believed to be developed by the same Russian cybercriminal group, which has targeted critical infrastructure in the United States and other countries. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) stated last year that BlackSuit actors have demanded over $500 million in total, with the largest individual ransom demand reaching $60 million.

Assistant Attorney General for National Security John A. Eisenberg emphasized the severity of the threat, stating that the BlackSuit ransomware gang’s persistent attacks on U.S. critical infrastructure pose a serious risk to public safety.

According to ICE’s Homeland Security Investigations, which led the operation, Royal and BlackSuit have compromised more than 450 victims in the U.S., including organizations in the healthcare, education, public safety, energy, and government sectors. Since 2022, the cybercriminals have collected over $370 million in ransom payments.

The seized bitcoin was recovered from a digital currency exchange account, which had its funds frozen in January of last year.

The disruption of this ransomware operation marks a significant victory for international law enforcement in combating cybercrime.