The Department of Justice—backed by the FBI, U.S. Secret Service, Homeland Security Investigations (HSI), IRS Criminal Investigation, and a web of international partners—took decisive action on July 24, executing a coordinated takedown of the BlackSuit ransomware network. This included seizing four servers, shutting down nine domains, and confiscating over $1 million in cryptocurrency, according to a press release published on August 11.
BlackSuit, previously known as Royal, rose from the ashes of Conti and quickly became one of the most aggressive double-extortion gangs. Analysts believe it has compromised over 450 organizations across the U.S.—spanning sectors such as healthcare, education, energy, and public safety—extorting upwards of $370 million in ransom payments.
Labelled Operation Checkmate, the takedown extended beyond U.S. borders, with coordinated efforts involving law enforcement from the U.K., Germany, France, the Netherlands, Canada, Ukraine, Lithuania, and more. Europol helped orchestrate the broader campaign under its Joint Cyber Action Task Force.
Also read: How BlackSuit Ransomware is Crippling Businesses: FBI, CISA Sound Alarm
“The BlackSuit ransomware gang’s persistent targeting of U.S. critical infrastructure represents a serious threat to public safety,” said DOJ officials, underscoring that this disruption reflects a shift toward a “disruption-first” strategy in combating cybercrime.
Private sector collaboration also played a pivotal role. The American Hospital Association issued praise, noting that while BlackSuit had wreaked havoc on hospitals and health systems, this takedown demonstrates the power of public–private alliances to stem such threats.
This asset seizure is far more than a symbolic victory. It demonstrates that while cryptocurrencies may offer anonymity, they are not impregnable shields for cybercriminals.
Still, the operation is not a knockout blow. Experts caution that without arrests or dismantling of the leadership, ransomware groups like BlackSuit can and often do rebound—leveraging their remaining financial assets to reconstitute infrastructure.
