The US Department of Justice confirmed this week that it seized $1m in illicit proceeds from the BlackSuit ransomware gang, as well as servers and domains from the group.
The operation spanned multiple US agencies, including the Department of Homeland Security, the Secret Service and the FBI, an unsealed warrant revealed yesterday.
It also included counterparts from the UK, Germany, Ireland, France, Canada, Ukraine and Lithuania.
An earlier statement from Homeland Security Investigations said the group had compromised over 450 victims in the US alone and racked up over $370m in ransom payments, “based on present-day valuations of cryptocurrency.”
The group had regularly attacked healthcare organisations, as well as other critical infrastructure sectors, including government facilities and critical manufacturing. It was previously known as Royal, before a “rebrand” last year.
The operation appears to have been triggered by a ransom payment in April 2023, when a victim paid 49.3120227 Bitcoin via a darknet website to decrypt their data.
“A portion of those proceeds ($1,091,453) was repeatedly deposited and withdrawn into a virtual currency exchange account until the funds were frozen by that exchange on or about Jan. 9, 2024,” the DoJ’s statement said.
Whether this spells the end of the group is debatable. The statements referred to the seizure of four servers and nine domains, while the amount seized is a fraction of the group’s overall haul. While the phrase “takedown” is used liberally in the various agencies’ statements, so is the word “disrupt”.
U.S. Attorney Jeanine Ferris Pirro for the District of Columbia said: “Whether these criminals target law enforcement, other government agencies, or private companies, my office and our law enforcement partners stand ready to go toe-to-toe with criminals and make victims whole.”
John Riggi, the American Hospital Association’s national advisor for cybersecurity and risk, said in a statement that the group was “directly responsible for multiple disruptive attacks against hospitals and health systems, posing a direct risk to patient and community safety.
“We hope these aggressive law enforcement operations continue at a pace that will meaningfully degrade foreign cyber adversaries’ abilities to harm the American public.”