American authorities confiscate servers and cryptocurrency worth $1.09 million that are connected to the BlackSuit ransomware group.

In the operation, U.S. authorities confiscated servers, domains, and a sum of $1.09 million in cryptocurrency from the BlackSuit ransomware gang. This international takedown aimed to safeguard essential infrastructure.

In a significant move against cybercrime, the US Department of Justice, along with several international agencies, has dismantled the BlackSuit ransomware group in an operation known as Operation Checkmate.

The operation, which took place in July 2025, resulted in the seizure of critical infrastructure, domains, servers, and cryptocurrency assets worth over $1.09 million connected to BlackSuit. The group, also known as Royal, has been active since at least 2022, using a double extortion model to encrypt victim files and threaten to leak stolen data.

The takedown aimed to protect victims and hinder further attacks by cutting off the group's operational assets and financial channels. BlackSuit is capable of disrupting critical infrastructure sectors such as healthcare providers, government facilities, manufacturing plants, and commercial operators. Since 2022, the group has compromised over 450 known victims in the United States alone.

The operation involved the FBI, Department of Justice, Department of Homeland Security, Europol, and other agencies. This marks a growing trend of aggressive US and international collaboration to target ransomware groups through legal and technical disruption of their networks.

Prior to Operation Checkmate, the US Justice Department had already taken action against BlackSuit by filing a forfeiture action to recover $2.3 million in Bitcoin from a member of the Chaos ransomware group. Earlier this year, the US, UK, and Australia jointly sanctioned Russian hosting provider Zservers and its operators for offering bulletproof hosting to the LockBit ransomware gang.

The US is actively fighting back against ransomware attacks through sanctions and enforcement actions, described as a "disruption-first" approach. This includes coordinated seizures of domains and cryptocurrency assets to limit ransomware gangs' capabilities and finances.

Recently, the National Cybersecurity Agency (NCA) in the UK arrested an insider for stealing £4.4 million worth of cryptocurrency seized from Silk Road, while the US DOJ moved to seize $7.7 million in crypto linked to a North Korean IT infiltration scheme. These actions further demonstrate the commitment of US and international agencies to combat cybercrime and protect victims.
