TL;DR:
• U.S. Justice Department seized $1M in Bitcoin and servers from the Russian BlackSuit/Royal ransomware gang
• Gang extorted $370M from 450+ US victims including hospitals, schools, and critical infrastructure since 2022
• Global coalition seized 4 servers and 9 domains across 7 countries in coordinated July operation
• BlackSuit alone demanded over $500M total, with largest single ransom hitting $60M according to CISA
The U.S. Department of Justice just dealt a major blow to one of the world's most prolific ransomware operations, seizing $1 million in Bitcoin and critical infrastructure from the Russian gang behind BlackSuit and Royal malware. The coordinated takedown marks a significant victory against cybercriminals who've extorted over $370 million from 450+ victims since 2022, targeting everything from hospitals to power grids across America.
Federal agents just struck at the heart of one of Russia's most destructive ransomware empires. The U.S. Department of Justice announced Monday it has dismantled key infrastructure belonging to the cybercriminal gang behind BlackSuit and Royal ransomware, seizing $1 million in Bitcoin and crippling their operations across two continents.
The coordinated strike on July 24 saw law enforcement agencies from seven countries simultaneously target the gang's digital infrastructure, seizing four servers and nine domains in what ICE's Homeland Security Investigations calls one of the most significant ransomware disruptions to date. The seized cryptocurrency came from a digital exchange account that was frozen back in January 2024, suggesting authorities had been tracking these funds for over a year.
The numbers behind this takedown are staggering. According to federal investigators, Royal and BlackSuit ransomware have compromised more than 450 victims across the United States alone, systematically targeting the nation's most critical sectors. Healthcare systems, educational institutions, public safety organizations, energy infrastructure, and government entities have all fallen victim to what authorities describe as a relentless campaign against American critical infrastructure.