Law Enforcement Seizes BlackSuit Ransomware Servers Targeting U.S. Critical Infrastructure
gbhackers

The U.S. Department of Justice, in collaboration with multiple domestic and international law enforcement agencies, announced the seizure of critical infrastructure associated with the BlackSuit ransomware group, formerly known as Royal.
Authorities dismantled four command-and-control (C2) servers and nine domains utilized by the threat actors for deploying ransomware payloads, extorting victims through double-extortion tactics, and laundering illicit proceeds via cryptocurrency mixing services.
This multi-agency effort, led by the Department of Homeland Security’s Homeland Security Investigations (HSI), the U.S. Secret Service, IRS Criminal Investigation (IRS-CI), and the FBI, incorporated technical expertise from partners in the United Kingdom, Germany, Ireland, France, Canada, Ukraine, and Lithuania.
The operation targeted the group’s backend infrastructure, which facilitated initial access via phishing campaigns, remote desktop protocol (RDP) exploitation, and vulnerability chaining in outdated software stacks, enabling lateral movement within victim networks and data exfiltration prior to encryption.
Executes Coordinated Takedown
The unsealing ...
Copyright of this story solely belongs to gbhackers.