In a significant development in the fight against cybercrime, US and international law enforcement agencies have taken a major step against the BlackSuit ransomware gang by seizing around $1 million in cryptocurrency. The move also disrupted the group’s servers and domain names.
The operation, which took place in late July 2025, was led by with support from the Secret Service, IRS, and FBI. Officers from Ireland, Canada, Ukraine, the UK, Germany, Lithuania, and France also joined the effort to take down the gang.
BlackSuit first appeared as a spin-off of the Royal ransomware group and has been active since 2023. The group targeted hospitals, government offices, factories, and businesses across the United States.
Since 2022, authorities have linked BlackSuit to more than 450 victims and over $370 million in ransom payments. The most common demands ranged between $1 million and $10 million in Bitcoin, with some requests reaching $60 million.
The seizure included part of a ransom payment from 2023 worth 49 BTC, valued at about $1.4 million at the time. Law enforcement traced the funds through crypto exchanges after the money was deposited and withdrawn multiple times. Cooperation with private firms helped authorities recover roughly $1 million connected to the gang.
Michael Prado, deputy assistant director of the Homeland Security Investigations Cyber Crimes Center, said the idea was to dismantle the infrastructure that BlackSuit used to operate, not just take a couple of servers offline. Authorities emphasize that disruption alone will not stop all attacks, but it sends a clear message to ransomware groups.