General Motors: Ransomware gang BlackSuit hit with major takedown after targeting 450 U.S. victims

Global Law Enforcement Disrupts BlackSuit Ransomware Operation, Seizing Servers and Assets

A U.S.-led international law enforcement operation has dealt a significant blow to the BlackSuit ransomware group, seizing its servers and assets, the Department of Justice (DOJ) announced Monday. Formerly known as Royal Ransomware, the cybercriminal organization has extorted at least 450 U.S. victims since 2022, including hospitals, critical infrastructure, manufacturers, energy entities, and government offices, with total ransom demands exceeding $370 million, according to the Cybersecurity & Infrastructure Security Agency (CISA).

The takedown follows a pattern of escalating regulatory and enforcement actions against cyber threats. Separately, the U.S. Treasury’s Office of Foreign Assets Control (OFAC) sanctioned two Russian web-hosting services linked to ransomware operations, including LockBit, for providing infrastructure to cybercriminals.

In other enforcement developments, the Federal Trade Commission (FTC) finalized an order against General Motors and its OnStar subsidiary for improperly collecting and using geolocation and driving behavior data from customers. Meanwhile, Kaiser Health affiliates agreed to a $556 million settlement over allegations that they manipulated Medicare patient diagnoses to secure higher federal payments, ignoring prior compliance warnings.

The crackdown on BlackSuit underscores the growing pressure on organizations to strengthen cybersecurity and compliance measures, particularly as ransomware groups continue to target high-value sectors. The operation also reflects broader international efforts to dismantle cybercrime infrastructure, with law enforcement agencies prioritizing the disruption of ransomware-as-a-service (RaaS) networks.

Source: https://www.complianceweek.com/regulatory-enforcement/ransomware-gang-blacksuit-hit-with-major-takedown-after-targeting-450-us-victims/36158.article

U.S. Department of Justice Office of the Inspector General cybersecurity rating report: https://www.rankiteo.com/company/u-s-department-of-justice-office-of-the-inspector-general

"id": "U-S1769265015",
"linkid": "u-s-department-of-justice-office-of-the-inspector-general",
"type": "Breach",
"date": "6/2022",
"severity": "60",
"impact": "2",
"explanation": "Attack limited on finance or reputation"
{'affected_entities': [{'industry': 'Healthcare',
                        'location': 'U.S.',
                        'type': 'Hospitals'},
                       {'location': 'U.S.', 'type': 'Critical Infrastructure'},
                       {'industry': 'Manufacturing',
                        'location': 'U.S.',
                        'type': 'Manufacturers'},
                       {'industry': 'Energy',
                        'location': 'U.S.',
                        'type': 'Energy Entities'},
                       {'industry': 'Government',
                        'location': 'U.S.',
                        'type': 'Government Offices'}],
 'data_breach': {'data_encryption': 'Yes (ransomware encryption)'},
 'description': 'A U.S.-led international law enforcement operation has dealt '
                'a significant blow to the BlackSuit ransomware group, seizing '
                'its servers and assets. The group, formerly known as Royal '
                'Ransomware, has extorted at least 450 U.S. victims since '
                '2022, including hospitals, critical infrastructure, '
                'manufacturers, energy entities, and government offices, with '
                'total ransom demands exceeding $370 million.',
 'impact': {'financial_loss': '$370 million (total ransom demands)'},
 'investigation_status': 'Disrupted (servers and assets seized)',
 'motivation': 'Financial gain',
 'ransomware': {'data_encryption': 'Yes',
                'ransom_demanded': '$370 million (total)',
                'ransomware_strain': 'BlackSuit (formerly Royal Ransomware)'},
 'references': [{'source': 'Department of Justice (DOJ)'},
                {'source': 'Cybersecurity & Infrastructure Security Agency '
                           '(CISA)'}],
 'response': {'containment_measures': 'Seizure of servers and assets',
              'law_enforcement_notified': 'Yes (U.S.-led international law '
                                          'enforcement operation)'},
 'threat_actor': 'BlackSuit (formerly Royal Ransomware)',
 'title': 'Global Law Enforcement Disrupts BlackSuit Ransomware Operation, '
          'Seizing Servers and Assets',
 'type': 'Ransomware'}