The successor to the Royal ransomware group, BlackSuit has targeted more than 450 Americans in the health, education, public safety, energy and government sectors, and has been linked to several attacks worldwide since 2022.
The coordinated operation, named Operation “Checkmate” (“échec et mat” in French), specifically targeted the Royal and BlackSuit groups. It was led by ICE (Immigration and Customs Enforcement), part of the DHS (Department of Homeland Security), with the help of international law enforcement agencies from Canada, the United Kingdom, Germany, Ireland, France, Ukraine and Lithuania, ICE said in a press release.
The operation led to the seizure of four servers, nine domains and approximately $1 million in laundered proceeds on July 24, in addition to virtual currency valued at around $1.1 million, which was seized around June 21, 2024, according to the DoJ.
The BlackSuit and Royal groups extorted more than $370 million in ransoms in total, based on the current value of cryptocurrencies, ICE said.
“Disrupting ransomware infrastructure is not only about dismantling servers, but also about dismantling the whole ecosystem that allows cybercriminals to operate with impunity,” said Michael Prado, deputy assistant director of the Cyber Crimes Center (C3) of Homeland Security Investigations (HSI).
These groups used a “double extortion strategy”: encrypting victims' systems while threatening to disclose stolen personal data in order to force them to pay.
“This operation deals a heavy blow to the infrastructure and activities of BlackSuit,” said William Mancino, special agent in charge of the Criminal Investigative Division of the U.S. Secret Service, in a press release.
Royal victims are generally required to pay a ransom in cryptocurrency by accessing a darknet website, according to the press release.
According to the United States Department of Justice, one of the victims paid a ransom of 49.3120227 bitcoins around April 4, 2023, worth around 1.44 million dollars at the time of the transaction, to decrypt its data. Part of this ransom was deposited and withdrawn several times via a virtual currency account, which led to the freezing of the funds around January 9, 2024.
The U.S. Attorney's Office for the Eastern District of Virginia continues to collaborate with international judicial authorities on this case.
At the beginning of 2024, law enforcement agencies from around the world, including the Federal Bureau of Investigation (FBI), Europol and the National Crime Agency of the United Kingdom, collaborated to take down a clandestine website linked to the LockBit ransomware group, which had extorted more than $120 million from more than 2,000 victims worldwide. Dubbed Operation “Cronos”, this joint operation was part of an international campaign aimed at disrupting the main cybercrime operations around the world.