Ransomware Empire Falls: Feds Strip BlackSuit Of $1 Million In Crypto

BitcoinInsider

Federal and international law enforcement officers moved in late July to disrupt the BlackSuit ransomware gang, seizing servers, domain names and roughly a million dollars in cryptocurrency tied to its operations.

According to the Justice Department, the action included an unsealed warrant for the seizure of digital assets and was led by Homeland Security Investigations with help from the Secret Service, the IRS and the FBI.

International Law Enforcement Action

A statement from the Justice Department says investigators worked with partners in the UK, Germany, Ireland, France, Canada, Ukraine and Lithuania to carry out the takedown.

Michael Prado, deputy assistant director at the Homeland Security Investigations Cyber Crimes Center, said law enforcement aimed to dismantle the systems that let these groups operate, not just pull a few servers offline.

The move followed other recent steps by the US, including sanctions against a ransomware hosting provider in July.

Justice Department Announces Coordinated Disruption Actions Against BlackSuit (Royal) Ransomware Operations

Law Enforcement Seizes Servers, Domains, and Approximately $1 Million In Laundered Proceeds Owned By BlackSuit (Royal) Ransomware

“The BlackSuit ransomware gang’s… pic.twitter.com/EIXS7X0Su3

— National Security Division, U.S. Dept of Justice (@DOJNatSec) August 11, 2025

Scope Of The BlackSuit Campaign

According to reports, BlackSuit first appeared as a spinoff of the Royal ransomware gang and has been active since at least 2023.

Officials say the group targeted critical infrastructure across sectors — healthcare, government facilities, manufacturing and commercial sites.

Since 2022 investigators have linked the gang to more than 450 known victims in the US and reported that it has received over $370 million in ransom payments.

Ransom demands have typically ranged from about $1 million to $10 million in BTC, and Cybersecurity and Infrastructure Security Agency data lists the largest single demand at $60 million.

How The Funds Were Traced

Reports disclose that a 2023 ransom payment of 49 BTC — worth roughly $1.4 million at the time — was involved in the funds now seized, and that part of that payment was deposited and withdrawn repeatedly from a crypto exchange until the account was frozen in early 2024.

The DOJ did not name the exchange. Officials say this kind of tracing and cooperation with private firms is what allowed agents to follow the money trail and secure assets connected to the scheme.

This operation removed infrastructure and recovered roughly $1 million tied to a gang accused of hundreds of attacks and hundreds of millions in ransom takings.

The clampdown is a strong tactical win and a clear sign that authorities and international partners are working together — but disruption alone won’t stop every attack.
