Law enforcement agencies have seized the dark web infrastructure of the notorious BlackSuit ransomware gang, which has been responsible for hacking hundreds of organizations worldwide in recent years.

The takedown was confirmed by the U.S. Department of Justice earlier today and is part of a joint international effort dubbed Operation Checkmate.

BlackSuit’s .onion websites, including their data leak blogs and victim negotiation portals, were replaced Thursday with seizure notices from U.S. Homeland Security Investigations (HSI). The banners announced that the domains had been taken offline as part of a coordinated investigation involving several major law enforcement agencies.

These include the U.S. Secret Service, Europol, the U.K. National Crime Agency, Dutch National Police, German State Criminal Police, the Ukrainian Cyber Police, and others. Romanian cybersecurity firm Bitdefender also assisted in the operation.

The dismantled websites were previously used by the ransomware group to pressure victims into paying massive ransoms by threatening to leak stolen data. The BlackSuit group, also known under previous names like Royal and Quantum, is believed to be a direct descendant of the Conti cybercrime syndicate — one of the most prolific ransomware groups in history.

Meanwhile, security researchers at Cisco Talos have reported signs that the BlackSuit gang may already be rebranding as Chaos ransomware. According to Talos, tactics, techniques, and procedures (TTPs) used by Chaos are strikingly similar to those of BlackSuit, including ransom note formatting, encryption methods, and use of remote monitoring tools. This would mark yet another identity change for the group, which previously operated as Quantum, rebranded to Royal, and then adopted the BlackSuit name in mid-2023.

