The BlackSuit ransomware gang’s darknet extortion websites were seized on Thursday in an operation involving police from more than nine countries.
A splash page replacing the gang’s list of victims on its main Tor domain, as well as its private negotiation pages, states these websites have “been seized by U.S. Homeland Security Investigations” as part of a coordinated international operation.
It features the logos of 17 law enforcement entities alongside the cybersecurity company Bitdefender, giving pole position to Homeland Security Investigations (HSI), the part of the Immigration and Customs Enforcement agency that focuses on transnational crime. HSI did not immediately respond to a request for comment.
The BlackSuit gang, which is believed to have been operational since April/May 2023, was a private ransomware group that did not license its tooling to other criminals the way ransomware-as-a-service (RaaS) schemes do.
It is believed to be a rebrand of the Royal ransomware, as an advisory from the FBI and the Cybersecurity and Infrastructure Security Agency (CISA) stated last year. The cybercriminals behind the Royal gang were believed to be linked to the Conti scheme, one of the most notorious and scrutinized communities in Russian cybercrime.
The joint advisory described BlackSuit as having demanded more than $500 million in extortion payments from its victims, which internationally are believed to include the Japanese media giant Kadokawa and Tampa Bay Zoo, one of the most popular zoos in the United States.
In April 2024, the gang claimed responsibility for an attack against the blood plasma collection group Octapharma, which the American Hospital Association said “resulted in the short-term closure of just about 200 blood plasma collection facilities” across the country.
Following the takedown, Cisco Talos Incident Response published research finding that some of the BlackSuit gang had already gone on to form part of the Chaos ransomware scheme “based on similarities in the ransomware’s encryption methodology, ransom note structure, and the toolset used in the attacks.”