In a fresh offensive against cybercrime, US authorities dismantled four servers, seized nine domains, and took control of more than $1 million in cryptocurrency linked to the BlackSuit ransomware gang. 

According to a Monday announcement from the Department of Justice, the July 24 takedown was led by Homeland Security Investigations (HSI) and involved the US Secret Service, IRS-CI, FBI, and law enforcement partners from the UK, Germany, Ireland, France, Canada, Ukraine, and Lithuania. 

Known as both BlackSuit and Royal, the ransomware group has been linked to attacks on US critical infrastructure since 2022, with more than 450 victims including schools, hospitals, energy companies, and government agencies, according to ICE’s Homeland Security Investigations. Assistant Attorney General John A. Eisenberg said these actions endangered public safety and vowed continued cooperation among US law enforcement to combat cybercrime. 

From Law Enforcement and Experts 

"This action exemplifies the forward-leaning, disruption-first approach we are taking to address this threat,” said U.S. Attorney Erik S. Siebert for the Eastern District of Virginia. “When it comes to protecting U.S. businesses, critical infrastructure, and other victims from ransomware and other cyberthreat actors, we will pull no punches.” 

"Disrupting ransomware infrastructure is not only about taking down servers — it's about dismantling the entire ecosystem that enables cybercriminals to operate with impunity,” said Deputy Assistant Director Michael Prado for HSI’s Cyber Crimes Center (C3). "This operation is the result of tireless international coordination and shows our collective resolve to hold ransomware actors accountable."  

Craig Jones, Ontinue’s CSO, noted that although this action may fall short of a decisive blow, it is a critical move toward ensuring cybercriminals face personal accountability. 

"Without arrests, the operators behind BlackSuit still have the skills, infrastructure know-how, and hundreds of millions in funding to restart operations under a new name," Jones said. "We've seen this cycle play out with other ransomware crews, and disruption without accountability usually only buys time. The coordinated international effort is encouraging, but lasting impact will require hitting the human element, not just the servers."