U.S. Cracks Down: $1.09M Crypto Haul & Servers Seized in BlackSuit Ransomware Takedown

Published: 2025-08-13 09:24:21

U.S. seizes servers and $1.09m in crypto linked to BlackSuit ransomware gang

Feds just pulled off a digital heist—against the hackers. The U.S. government slammed the brakes on BlackSuit’s ransomware spree, nabbing servers and freezing $1.09 million in crypto mid-money-launder. Talk about poetic justice.


The Takedown:
No more encrypted shakedowns. Authorities didn’t just disrupt the gang’s infrastructure—they hit them where it hurts: their ill-gotten crypto stash. Guess even cybercriminals learn the hard way that ‘not your keys, not your coins’ applies to them too.


The Irony:
BlackSuit’s loot, now locked in a government wallet, probably won’t be funding any tropical retirements. Meanwhile, Wall Street still can’t decide if crypto is a scam or salvation—but at least this time, it helped nail the bad guys.

BlackSuit targeted critical U.S. infrastructure

BlackSuit, active since at least 2022, emerged as a spinoff of the Royal ransomware gang, a group already known for large-scale extortion campaigns against critical infrastructure. Investigators say the group began operating under the BlackSuit name in 2023 and was found to be using many of Royal’s tactics, techniques, and tools.

Over time, it built its own reputation in the cybercrime world for targeting large organizations with ransom demands ranging from $1 million to $10 million, and in one case, as high as $60 million. 

The group also operated a portal on the darknet where it listed sensitive stolen data set to be released to the public if victims did not pay the ransom.

By late 2023, the FBI and the Cybersecurity and Infrastructure Security Agency warned in a joint advisory that BlackSuit had the tools and tactics to hit sectors where an attack could cause the most disruption.

BlackSuit has struck critical infrastructure within the U.S., often hitting healthcare providers, government facilities, manufacturing plants, and commercial operators. Victims usually found themselves locked out of vital systems while facing the threat of sensitive data leaks.

In 2023, an unnamed organization paid 49.3 Bitcoin, worth about $1.44 million at the time, to regain control of its systems after a BlackSuit breach, according to the DOJ.

A portion of that ransom payment became the $1.09 million that was seized during the takedown after months of investigation. Authorities estimate that since 2022, BlackSuit has compromised over 450 known victims in the United States alone.

US moves against ransomware gangs

The U.S. has been actively fighting back against ransomware attacks through sanctions and enforcement actions, describing this in today’s announcement as a “disruption-first” approach.

As previously reported by crypto.news, earlier this year the U.S., UK, and Australia jointly sanctioned Russian hosting provider Zservers and its operators for offering bulletproof hosting to the LockBit ransomware gang.

Last month, the Justice Department filed a forfeiture action to recover $2.3 million in Bitcoin from a member of the Chaos ransomware group after the FBI’s Dallas division seized 20 BTC from a Chaos-linked address the same month.
