Another ransomware gang is in US crosshairs, with authorities going after the BlackSuit group, active since 2022 and linked to more than $370 million in ransom.
Summary
- US authorities have seized four servers, nine domains and $1.09 million in cryptocurrency linked to the BlackSuit ransomware group.
- BlackSuit has targeted critical infrastructure in the US since 2022.
- It emerged as a spin-off of the Royal ransomware gang.
On Monday, the Department of Justice said it seized four servers, nine domains and around $1.09 million in cryptocurrency tied to BlackSuit, working with US and international partners to carry out the takedown.
The July 24 takedown drew on a broad coalition of agencies, from Homeland Security Investigations and the Secret Service to IRS Criminal Investigation and the FBI, in addition to law enforcement from the United Kingdom, Germany, Ireland, France, Canada, Ukraine and Lithuania.
Officials also unsealed a federal warrant to seize the cryptocurrency, which a public exchange had frozen earlier this year.
BlackSuit targeted critical American infrastructure
BlackSuit, active since at least 2022, emerged as a spin-off from the Royal ransomware gang, a group already known for large-scale extortion campaigns against critical infrastructure. Researchers say that the group started operating under the BlackSuit name in 2023 and was found to use many of the tactics, techniques and tools from Royal.
Over time, it built up its own reputation in the cybercrime world for large ransom demands on organizations, ranging from $1 million to $10 million, and in one case as high as $60 million.
The group also ran a portal on the darknet, where it listed sensitive stolen data that would be released to the public if victims did not pay the ransom.
Towards the end of 2023, the FBI and the Cybersecurity and Infrastructure Security Agency warned in a joint advisory that BlackSuit had the tools and tactics to hit sectors where an attack could cause the most disruption.
BlackSuit has shut down critical infrastructure within the US and often hit healthcare providers, government facilities, factories and commercial operators. Victims were usually locked out of vital systems and faced the threat of sensitive data leaks.
In 2023, an unnamed organization paid 49.3 Bitcoin, worth around $1.44 million at the time, to regain control of its systems after a BlackSuit breach, according to the DOJ.
Part of that ransom payment was the $1.09 million that was seized during the takedown after months of investigation. Authorities estimate that BlackSuit has affected more than 450 known victims in the United States since 2022 alone.
US moves against ransomware gangs
The US has actively fought back against ransomware attacks through sanctions and enforcement actions, which today’s announcement describes as a “disruption-first” approach.
As previously reported by crypto.news, earlier this year the US, the UK and Australia jointly sanctioned the Russian hosting provider Zservers and its operators for offering bulletproof hosting to the LockBit ransomware gang.
Last month, the Department of Justice filed a forfeiture complaint to recover $2.3 million in Bitcoin from a member of the Chaos ransomware group after the FBI’s Dallas division had seized 20 BTC from a Chaos-linked address in the same month.