Top ransomware group BlackSuit has dark web extortion sites seized and shut down

News
By published

Operation Checkmate successfully disrupted BlackSuit

ransomware
Image credit: Pixabay (Image credit: Pixabay)
  • Numerous law enforcement agencies banded together to disrupt BlackSuit
  • The ransomware operators had multiple websites seized
  • No arrests had been made

Notorious ransomware operator BlackSuit has had its infrastructure disrupted by a major law enforcement campaign.

As part of the action, BlackSuit’s main website, accessed through The Onion Router (TOR), was defaced and left with a banner usually propped up by law enforcement after domain seizure.

"This site has been seized by U.S. Homeland Security Investigations as part of a coordinated international law enforcement investigation," the banner said.

Medusa claims responsibility

US Homeland Security, the US Department of Justic (DoJ), the FBI, and other agencies have not yet published an official announcement regarding the takedown, but the DoJ has confirmed the action was part of Operation Checkmate.

Besides the main site, other websites (including the leak site and negotiation site) were also shut down.

This was an international operation, conducted by the US Secret Service, the Dutch National Police, the German State Criminal Police Office, the UK National Crime Agency, the Frankfurt General Prosecutor's Office, the Justice Department, the Ukrainian Cyber Police, Europol, and others.

Bitdefender, a private cybersecurity company, also assisted, saying, "We commend our law enforcement partners for their coordination and determination. Operations like this reinforce the critical role of public-private partnerships in tracking, exposing, and ultimately dismantling ransomware groups that operate in the shadows."

A US Department of Health and Human Services report published in late November 2023 said BlackSuit was first spotted in May that year, showing “striking parallels with Royal, the direct successor of the former notorious Russian-linked Conti operation”.

Unfortunately, taking down websites and seizing infrastructure rarely stops ransomware attacks - it just slows them down a little bit. It usually takes a few weeks for threat actors to recover and continue where they left off, and usually won’t stop until they are arrested.

Via BleepingComputer

You might also like

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.