In a major international operation against cybercrime, the U.S. Department of Justice has announced the takedown of infrastructure belonging to a notorious Russian ransomware group responsible for the BlackSuit and Royal malware strains.
On July 24, in collaboration with law enforcement agencies from Canada, Germany, Ireland, France, the United Kingdom, and several other nations, authorities seized four servers, nine domains, and approximately $1 million worth of cryptocurrency linked to the group.
BlackSuit and Royal are two distinct ransomware variants believed to be operated by the same cybercriminal organization. Attacks using these variants have consistently targeted critical infrastructure in the United States and abroad, posing significant threats to public safety.
According to the Cybersecurity and Infrastructure Security Agency (CISA), the group has demanded over $500 million in ransom payments, with the highest single demand reaching $60 million. Since 2022, the operators behind BlackSuit and Royal have compromised more than 450 organizations across healthcare, education, public safety, energy, and government sectors, amassing more than $370 million in illicit gains.
Assistant Attorney General for National Security John A. Eisenberg emphasized the severity of the threat, noting that the group’s repeated attacks on critical U.S. systems represent a direct risk to national security.
The recovered Bitcoin was traced to an account at a digital currency exchange, where the funds had been frozen since January of last year. Homeland Security Investigations (HSI), which led the probe, credited the success to global collaboration and the sharing of cyber threat intelligence.
This operation marks another step in the international fight against ransomware, highlighting the importance of coordinated law enforcement efforts in disrupting the financial infrastructure that sustains these attacks.
Source: https://techcrunch.com/2025/08/11/u-s-government-seized-1-million-from-russian-ransomware-gang