The U.S. and International law enforcement have taken down servers and websites operated by the Russian ransomware group BlackSuit. Additionally, the U.S. seized approximately $1 million in cryptocurrency.
The Justice Department stated on August 11, 2025, that U.S. and international law enforcement agencies led an operation against BlackSuit in late July. The operation was led by the U.S. Department of Homeland Security, in collaboration with agencies such as the Secret Service, the IRS, and the FBI, as well as police forces from the UK, Germany, Ireland, France, Canada, Ukraine, and Lithuania.
The operation included unsealing a warrant for the seizure of virtual currency valued at just over $1 million at the time. “Disrupting ransomware infrastructure is not only about taking down servers; it’s about dismantling the entire ecosystem that enables cybercriminals to operate with impunity,” said Michael Prado, Deputy Assistant Director at HSI’s Cyber Crimes Center.
BlackSuit Ransomware Targets US Sectors
BlackSuit has been active since the year 2022. The group has targeted important U.S. sectors including healthcare, government, manufacturing, and businesses. Since 2022, it has attacked over 450 known U.S. victims and has collected more than $370 million in ransom payments.
The group used a sneaky tactic called double extortion in which they locked victims’ computer systems with encryption. Further, they threatened the victims by stating that they would share the stolen data if the victims did not pay in bitcoin (BTC) through secret darknet websites.
In 2023, one victim paid 49.3 BTC, at the time worth about $1.4 million, to unlock their data. Authorities subsequently confiscated approximately $1 million of this payment, which they traced through a cryptocurrency exchange and froze in early 2024.
BlackSuit’s ransom demands typically ranged from $1 million to $10 million, with the largest known demand reaching $60 million, according to the Cybersecurity and Infrastructure Security Agency.
This initiative of shutting down the BlackSuit servers and websites highlights that the U.S. is actively fighting against ransomware, including placing sanctions on the Aeza Group, a company that helps ransomware groups.
Also Read: HashFlare Co-Founders Sentenced to Time Served in $577M Ponzi Scheme
