Top ransomware group BlackSuit has dark web extortion sites seized and shut down
- Numerous law enforcement agencies banded together to disrupt BlackSuit
- The ransomware operators had multiple websites seized
- No arrests had been made
Notorious ransomware operator BlackSuit has had its infrastructure disrupted by a major law enforcement campaign.
As part of the action, BlackSuit’s main website, accessed through The Onion Router (TOR), was defaced and left with a banner usually propped up by law enforcement after domain seizure.
“This site has been seized by U.S. Homeland Security Investigations as part of a coordinated international law enforcement investigation,” the banner said.
Medusa claims responsibility
US Homeland Security, the US Department of Justic (DoJ), the FBI, and other agencies have not yet published an official announcement regarding the takedown, but the DoJ has confirmed the action was part of Operation Checkmate.
Besides the main site, other websites (including the leak site and negotiation site) were also shut down.
This was an international operation, conducted by the US Secret Service, the Dutch National Police, the German State Criminal Police Office, the UK National Crime Agency, the Frankfurt General Prosecutor’s Office, the Justice Department, the Ukrainian Cyber Police, Europol, and others.
Bitdefender, a private cybersecurity company, also assisted, saying, “We commend our law enforcement partners for their coordination and determination. Operations like this reinforce the critical role of public-private partnerships in tracking, exposing, and ultimately dismantling ransomware groups that operate in the shadows.”
A US Department of Health and Human Services report published in late November 2023 said BlackSuit was first spotted in May that year, showing “striking parallels with Royal, the direct successor of the former notorious Russian-linked Conti operation”.
Unfortunately, taking down websites and seizing infrastructure rarely stops ransomware attacks – it just slows them down a little bit. It usually takes a few weeks for threat actors to recover and continue where they left off, and usually won’t stop until they are arrested.
Via BleepingComputer
You might also like
Numerous law enforcement agencies banded together to disrupt BlackSuit The ransomware operators had multiple websites seized No arrests had been made Notorious ransomware operator BlackSuit has had its infrastructure disrupted by a major law enforcement campaign. As part of the action, BlackSuit’s main website, accessed through The Onion Router (TOR),…
