Ransomware group BlackSuit suffers server, domain, and $1 million asset loss in a global extortion spree
In a significant blow to cybercrime, a large-scale international operation has seized the infrastructure of the BlackSuit ransomware group, which is known for targeting US critical infrastructure. The operation, involving authorities from the UK, Germany, Ireland, France, Canada, Ukraine, and Lithuania, as well as US law enforcement agencies such as the Department of Homeland Security Investigations (HSI), FBI, Secret Service, and IRS, has disrupted the operations of BlackSuit and potentially set the stage for the emergence of a new threat, Chaos ransomware.
The BlackSuit dark web leak site, previously a hub for ransom payments, now displays a message stating that it was taken down as part of "Operation Checkmate." Since its debut, BlackSuit has racked up over 450 known victims in the US, including schools, hospitals, organizations within the energy sector, and government entities. The US Department of Justice unsealed the seizure warrant on August 11.
Authorities in Germany claim they have been instrumental in the seizure of the gang's servers and systems, and they have obtained "considerable amounts of data" that will be used to help identify members of the BlackSuit crew. The BlackSuit ransomware gang, also known as Royal, has been a target of US law enforcement due to its persistent targeting of US critical infrastructure.
The estimated total ransom payments made to BlackSuit amount to roughly $370 million. There is speculation that members of the BlackSuit ransomware gang may have rebranded or formed a new group called Chaos ransomware. This speculation arises from similarities that researchers have noted in the encryption methodology, ransom notes, and toolsets used by Chaos. However, there is no definitive confirmation that BlackSuit has directly rebranded as Chaos. The Chaos group has already conducted multiple attacks, primarily in the United States, without targeting specific industries.
As of the announcement, no members of the BlackSuit ransomware gang have been arrested. $1,091,453 in virtual currency has been frozen as a result of the seizure. The exact nature of any rebranding or formation of Chaos ransomware remains speculative. The public is advised to remain vigilant and follow best practices for cybersecurity to protect against potential threats.