Washington, D.C.

Global Law Enforcement Triumph: BlackSuit Ransomware Empire Crumbles Under $1M Crypto Seizure & Domain Takedown in US-Led Cyber Sting

Published on August 12, 2025

In a significant crackdown on cybercrime, the Justice Department announced a series of coordinated actions to disrupt the operations of the notorious BlackSuit (Royal) Ransomware group, which has been targeting U.S. critical infrastructure with cyber attacks. An international law enforcement effort led to the takedown of four servers and nine domains associated with the group on July 24 and a seizure of virtual currency valued at over $1 million. It was supported by agencies from the United Kingdom, Germany, Ireland, France, Canada, Ukraine, and Lithuania, according to the Justice Department.

"The National Security Division is proud to be part of an ongoing team of government agencies and partners working to protect our Nation from threats to our critical infrastructure," said Assistant Attorney General for National Security John A. Eisenberg, per the Justice Department. At the same time, U.S. Attorney Erik S. Siebert for the Eastern District of Virginia emphasized a 'disruption-first approach' to protect U.S. businesses and infrastructure. The Justice Department's recent move reflects a strategic shift toward a more aggressive posture in combating cyberthreats. These sweeping operations entail not just the dismantling of servers but also the eradication of the entire support network that allows cybercriminals to operate with such impunity, as illustrated by the unsealing of a warrant that allowed for the seizure of ill-gotten virtual currency gained through malicious ransomware activities deployed by the group.

This decisive action is part of a concerted international collaboration. BlackSuit's sophisticated ransomware attacks have been a consistent nightmare for sectors like manufacturing, government facilities, and healthcare, prompting a detailed advisory by the FBI and CISA that outlines the group’s tactics, techniques, and procedures, as well as indicators of compromise to aid organizations in bolstering their cyber defenses. According to the Justice Department's statement, the coordinated efforts of multiple U.S. agencies and international law enforcement led to the seizure of assets, including approximately $1,091,453 in virtual currency, which is linked to a single ransom payment of nearly 50 Bitcoin made by a victim to the BlackSuit group last year.