The Justice Department has announced coordinated actions against the BlackSuit (Royal) Ransomware group, including the takedown of four servers and nine domains on July 24. The operation involved several U.S. agencies such as Homeland Security Investigations (HSI), the U.S. Secret Service, IRS Criminal Investigation (IRS-CI), and the FBI, along with law enforcement partners from the United Kingdom, Germany, Ireland, France, Canada, Ukraine, and Lithuania. Authorities also unsealed a warrant for the seizure of virtual currency valued at $1,091,453 at the time of seizure.
“This action exemplifies the forward-leaning, disruption-first approach we are taking to address this threat,” said Erik S. Siebert, U.S. Attorney for the Eastern District of Virginia. “When it comes to protecting U.S. businesses, critical infrastructure, and other victims from ransomware and other cyberthreat actors, we will pull no punches.”
Assistant Attorney General for National Security John A. Eisenberg stated: “The BlackSuit ransomware gang’s persistent targeting of U.S. critical infrastructure represents a serious threat to U.S. public safety,” adding that his division is part of an ongoing team working to protect national critical infrastructure.
U.S. Attorney Jeanine Ferris Pirro for the District of Columbia commented: “Too often we see the damage ransomware causes to systems that then allows cybercriminals to wreak havoc on corporations and others,” noting her office’s readiness to confront such criminals.
Michael Prado, Deputy Assistant Director for HSI’s Cyber Crimes Center (C3), said: “Disrupting ransomware infrastructure is not only about taking down servers—it’s about dismantling the entire ecosystem that enables cybercriminals to operate with impunity.” He emphasized international coordination in these efforts.
Christopher Heck, Special Agent in Charge of HSI Washington D.C., remarked: “This investigation reflects the full reach of HSI Washington D.C.’s cyber mission and our commitment to defending victims—whether they’re small businesses, school systems or hospitals.”
Special Agent in Charge William Mancino of the U.S. Secret Service’s Criminal Investigative Division described this as a significant blow against BlackSuit’s operations: “The U.S. Secret Service is committed to working alongside our law enforcement partners to dismantle criminal enterprises and prevent deployment of malicious ransomware that victimizes businesses and organizations.”
Kareem Carter from IRS-CI highlighted financial aspects: “This announcement demonstrates IRS Criminal Investigation’s commitment to disrupting illicit flow of money that enables cyber criminals… We will continue…to identify apprehend and hold accountable these bad actors.”
According to officials’ statements released by HSI, law enforcement successfully seized servers and digital assets used by BlackSuit for deploying ransomware attacks as well as laundering proceeds from those activities; among these was approximately $1 million in virtual currency separately seized using evidence collected by prosecutors in Virginia on June 21.
A joint advisory from both FBI and Cybersecurity & Infrastructure Security Agency (CISA) notes that BlackSuit has targeted multiple sectors including manufacturing facilities and healthcare providers while outlining tactics used by attackers so organizations can bolster defenses (https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-061a).
Typically ransom payments were demanded via Bitcoin through darknet sites; one April 2023 incident saw nearly $1.45 million paid before authorities froze related funds at an exchange earlier this year.
Multiple agencies are continuing their investigations into these incidents with support from counterparts across Europe as well as Canada.
Prosecutors representing various offices include Laura D. Withers (Eastern District VA), Jacques Singer-Emery (National Security Division), Rick Blaylock Jr. (District DC).
A copy of this press release can be found on the website of the U.S. Attorney’s Office for the Eastern District of Virginia.
