On July 24, law enforcement from over nine countries took down the darknet extortion platforms used by the BlackSuit ransomware group in a coordinated global operation. 

Visitors to the gang’s TOR-based victim list and extortion portals are now met with a splashpage confirming the domains were seized in a global law enforcement effort led by Homeland Security Investigations. 

The splashpage features logos from 17 law enforcement bodies and cybersecurity firm Bitdefender, prominently highlighting Homeland Security Investigations (HSI), the ICE division focused on transnational crime. 

This private gang did not share or lease its hacking tools with others, distinguishing it from ransomware-as-a-service syndicates. 

Officials believe BlackSuit may simply be Royal ransomware under a new name. The Royal operators were themselves believed to have connections to the infamous Conti gang, a major player in Russian cybercrime. 

A joint advisory reported that BlackSuit’s global ransomware campaign included major victims like Japanese media firm Kadokawa and the highly visited Tampa Bay Zoo. 

The American Hospital Association reported that an April 2024 cyberattack claimed by BlackSuit forced the temporary shutdown of almost 200 blood plasma collection facilities operated by Octapharma across the U.S.