The BlackSuit ransomware gang’s darknet extortion websites had been seized on Thursday in an operation involving police from greater than 9 international locations.
A splashpage changing the gang’s checklist of victims on its principal TOR area in addition to its non-public negotiation pages states these websites have “been seized by U.S. Homeland Safety Investigations” as a part of a coordinated worldwide operation.
It options the logos of 17 legislation enforcement entities alongside the cybersecurity firm Bitdefender, giving pole place to Homeland Safety Investigations (HSI), part of the Immigration and Customs Enforcement company that focuses on transnational crime. HSI didn’t instantly reply to a request for remark.
The BlackSuit gang, which is believed to have been operational since April/Could 2023, was a non-public ransomware group that didn’t license its tooling to different criminals like ransomware-as-a-service (RaaS) schemes.
It’s believed to be a rebrand of the Royal ransomware, as an advisory from the FBI and Cybersecurity and Infrastructure Safety Company (CISA) acknowledged final 12 months. The cybercriminals behind the Royal gang had been believed to be linked to the Conti scheme, one of the vital infamous and scrutinized communities in Russian cybercrime.
The joint advisory described BlackSuit as having demanded greater than $500 million in extortion funds from its victims, which internationally are believed to incorporate the Japanese medallion big Kadokawa and Tampa Bay Zoo, one of the vital common zoos in the USA.
In April 2024, the gang claimed duty for an assault in opposition to the blood plasma assortment group Octapharma, which the American Hospital Affiliation said “resulted within the non permanent closure of just about 200 blood plasma assortment facilities” throughout the nation.
Following the takedown, Cisco Talos Incident Response revealed research discovering a number of the BlackSuit gang had already gone on to kind a part of the Chaos ransomware scheme “primarily based on similarities within the ransomware’s encryption methodology, ransom word construction, and the toolset used within the assaults.”
Recorded Future
Intelligence Cloud.
