US & Allies Seize BlackSuit Ransomware Servers and $1M in Crypto

Husain Parvez Former Writer
Published on: August 15, 2025

The U.S. Department of Justice (DOJ) announced on August 11 that it had disrupted the operations of the BlackSuit ransomware group, also known as Royal, seizing four servers, nine domains, and over $1 million in laundered cryptocurrency.

The coordinated action took place on July 24 and involved the FBI, the Secret Service, Homeland Security Investigations, IRS Criminal Investigation, and law enforcement from the UK, Germany, Ireland, France, Canada, Ukraine, and Lithuania.

According to U.S. Immigration and Customs Enforcement, BlackSuit has been one of the most prolific ransomware actors since 2022. Since then, it has targeted more than 450 organizations and collected over $370 million in ransom payments.

Its attacks have hit critical infrastructure sectors, including healthcare, manufacturing, and government facilities. Assistant Attorney General for National Security John A. Eisenberg called the group’s activity “a serious threat to U.S. public safety.”

The DOJ said the takedown also included the unsealing of a warrant for the seizure of virtual currency valued at $1,091,453 at the time of confiscation. These funds were part of a ransom payment made in Bitcoin by a victim in April 2023 and were later moved through a virtual currency exchange until frozen in January 2024.

“This action exemplifies the forward-leaning, disruption-first approach we are taking to address this threat,” said U.S. Attorney Erik S. Siebert for the Eastern District of Virginia. Special Agent in Charge William Mancino of the Secret Service added that the operation “strikes a critical blow to BlackSuit’s infrastructure and operations.”

BlackSuit was previously linked to attacks against the city of Dallas, users of vulnerable Citrix products, and multiple healthcare providers. The FBI and CISA have released advisories outlining the group’s phishing-based intrusion tactics, data exfiltration methods, and extortion strategies, urging organizations to review indicators of compromise and strengthen defenses.

HSI’s Deputy Assistant Director Michael Prado said the disruption was “about dismantling the entire ecosystem that enables cybercriminals to operate with impunity,” emphasizing the role of international coordination in the takedown. The DOJ said investigations into the group’s members and associates are ongoing.

About the Author

Husain Parvez is a former tech writer at Safety Detectives with a focus on cybersecurity, privacy, and all things digital. He has a knack for breaking down complex topics into clear, engaging content, driven by a genuine curiosity about how things work under the hood. When he’s not writing, you’ll find him gaming, watching tech repair videos, or geeking out over the latest AI tools.