U.S. Authorities Decimate BlackSuit Malware Syndicate in Landmark Cyber Takedown
Federal cyber forces just dropped the hammer—BlackSuit's ransomware empire is crumbling.
Operation Midnight Blade slices through criminal infrastructure
The DOJ and FBI coordinated a multi-agency strike, dismantling servers, seizing domains, and arresting key operators. No more 'pay up or lose everything' for this crew—unless they're trading ramen in federal prison.
Ransomware's new ROI: Zero
BlackSuit extorted millions from hospitals and schools before their infrastructure got a forced 'system update.' Meanwhile, Wall Street still can't patch its 1970s mainframe energy.
Over $1 Million Seized In BlackSuit Bust
According to an August 11 press release from the DOJ, U.S. officials from four different agencies partnered with international law enforcement from the United Kingdom, Germany, Ireland, France, Canada, Ukraine, and Lithuania to take down four domains and nine servers late last month.
The Justice Department today announced coordinated actions against the BlackSuit (Royal) Ransomware group which included the takedown of four servers and nine domains on July 24. These actions include the unsealing of a warrant for the seizure of VIRTUAL currency valued at… pic.twitter.com/Inz6naZZoL
— U.S. Attorney DC (@USAO_DC) August 11, 2025Officials involved in the operation say a recently unsealed warrant shows that authorities seized over $1 million worth of digital assets tied to the malware scheme on June 21.
“When it comes to protecting U.S. businesses, critical infrastructure, and other victims from ransomware and other cyberthreat actors, we will pull no punches,” said U.S. Attorney Erik S. Siebert for the Eastern District of Virginia.
The report states that the ransomware group is known to target “Critical Infrastructure sectors” including, but not limited to, Critical Manufacturing, Government Facilities, Healthcare and Public Health, and Commercial Facilities.
“The BlackSuit ransomware gang’s persistent targeting of U.S. critical infrastructure represents a serious threat to U.S. public safety,” said Assistant Attorney General for National Security John A. Eisenberg.
“The National Security Division is proud to be part of an ongoing team of government agencies and partners working to protect our Nation from threats to our critical infrastructure,” he added.
North Korea’s Crypto Connection
U.S. officials have long targeted malware schemes tethered to the cryptocurrency industry, particularly when it comes to the North Korean state espionage collective, the Lazarus Group.
A report from a U.N. panel of experts published last year revealed that an estimated 40% of North Korea’s weapons of mass destruction (WMD) were funded through “illicit cyber means.”
As of 2024, the Lazarus Group had stolen more than $3 billion worth of digital assets globally.
