International law enforcement teams help dismantle BlackSuit ransomware gang. (Getty Images)
In a major win against cybercrime, the U.S. Justice Department revealed that a global task force has dismantled the key systems used by the notorious BlackSuit ransomware group, a successor to the Royal ransomware network. Since 2022, BlackSuit has attacked over 450 targets in the U.S. alone, hitting hospitals, schools, government agencies, power companies, and public safety networks.
This takedown — named Operation Checkmate — was spearheaded by U.S. Immigration and Customs Enforcement (ICE) under the Department of Homeland Security. Canada, the U.K., Germany, Ireland, France, Ukraine, and Lithuania joined forces to execute the coordinated strike.
Millions Seized, Servers Shut Down
The crackdown on July 24 led to the seizure of four servers, nine online domains, and around $1 million in illicit funds. Earlier, on June 21, authorities had already frozen virtual currency holdings worth more than $1.09 million linked to the group. Together, Royal and BlackSuit have extracted over $370 million in ransom payments from victims worldwide, using cryptocurrencies as their main payment channel.
How the Ransomware Worked
BlackSuit and Royal relied on “double extortion” — locking victims out of their systems and threatening to leak stolen data unless they paid up. Victims typically received ransom demands through darknet portals, with payments demanded in cryptocurrency. In one case from April 2023, a victim paid more than $1.44 million in bitcoin to recover their files. A portion of this ransom was later tracked and frozen in January 2024.
Michael Prado, deputy assistant director of Homeland Security Investigations’ Cyber Crimes Center, said the mission wasn’t just about shutting down computers but “breaking apart the criminal ecosystem that keeps these operations running.”
A Blow to the Cybercrime Underworld
Officials believe the dismantling of BlackSuit’s core infrastructure will cause significant disruption to their operations. William Mancino, from the U.S. Secret Service, called the move “a critical blow” to the group’s ability to launch future attacks.
Part of a Larger Crackdown
This isn’t the first major victory for global cybercrime fighters in 2024. Earlier this year, another joint operation — Operation Cronos — took down a dark web platform used by the Lockbit ransomware group, which had extorted over $120 million from more than 2,000 victims worldwide.
The U.S. Attorney’s Office for the Eastern District of Virginia continues to work with international partners to prosecute those involved in the BlackSuit and Royal schemes. Authorities hope that these actions send a clear message to cybercriminals: their reach is no longer beyond the law.
