US Seizes $1.09M Crypto from BlackSuit Ransomware Linked to $370M Demands

Quick overview

  • The US Department of Justice has targeted the BlackSuit ransomware gang, responsible for over $370 million in ransom demands since 2022.
  • On July 24, 2025, authorities seized four servers, nine domains, and approximately $1.09 million in cryptocurrency as part of a coordinated international effort.
  • BlackSuit, which evolved from the Royal ransomware gang, specializes in large-scale extortion, with ransom demands ranging from $1 million to $60 million.
  • The takedown highlights the US's commitment to a 'disruption-first' approach to ransomware, emphasizing international cooperation to combat cybercrime.

The US Department of Justice has taken action against the BlackSuit ransomware gang, active since 2022 and responsible for over $370 million in ransom demands. On July 24, 2025, authorities seized four servers, nine domains and approximately $1.09 million in cryptocurrency in coordination with international law enforcement.

The operation involved a coalition of agencies including Homeland Security Investigations, Secret Service, IRS Criminal Investigation and the FBI, with support from the UK, Germany, Ireland, France, Canada, Ukraine and Lithuania. A federal warrant was also unsealed to seize funds previously frozen by an unnamed crypto exchange earlier this year.

BlackSuit’s Infrastructure Attacks

BlackSuit evolved from the Royal ransomware gang, using similar tactics, tools and operational methods. Since rebranding in 2023, the group has specialized in large-scale extortion, targeting organizations with ransom demands from $1 million to $10 million and, in one case, $60 million.

The gang had a darknet portal where stolen data was listed for release unless victims paid. By late 2023 the FBI and Cybersecurity and Infrastructure Security Agency warned that BlackSuit had the ability to attack critical infrastructure and public safety sectors.

  • Victim sectors: Healthcare providers, government offices, manufacturing, commercial operators
  • Typical impact: System lockouts and threats of sensitive data exposure
  • Notable payment: 49.3 BTC (~$1.44M) paid by one US organization in 2023

Investigations show BlackSuit has compromised over 450 US victims since 2022, so the July seizure is a big hit to their operations.

US Ransomware Crackdown

The US is taking a “disruption-first” approach to ransomware, combining sanctions, enforcement and forfeiture actions. Recent examples:

  • Sanctions on Russian hosting provider Zservers for supporting LockBit
  • DOJ forfeiture of $2.3 million in Bitcoin from Chaos ransomware members

Authorities say a coordinated international approach is key to stopping ransomware and protecting critical infrastructure from further disruption.

The BlackSuit takedown shows the US and its allies are serious about combating cybercrime and securing digital assets, and ransomware groups are facing increasing operational risks globally.

ABOUT THE AUTHOR
Arslan Butt
Lead Markets Analyst – Multi-Asset (FX, Commodities, Crypto)
Arslan Butt serves as the Lead Commodities and Indices Analyst, bringing a wealth of expertise to the field. With an MBA in Behavioral Finance and active progress towards a Ph.D., Arslan possesses a deep understanding of market dynamics. His professional journey includes a significant role as a senior analyst at a leading brokerage firm, complementing his extensive experience as a market analyst and day trader. Adept in educating others, Arslan has a commendable track record as an instructor and public speaker. His incisive analyses, particularly within the realms of cryptocurrency and forex markets, are showcased across esteemed financial publications such as ForexCrunch, InsideBitcoins, and EconomyWatch, solidifying his reputation in the financial community.
