In a coordinated international operation, U.S. and global law enforcement agencies seized over $1 million in cryptocurrency from the BlackSuit ransomware group during late July 2025. The action involved the Department of Justice (DOJ), Homeland Security (DHS), Secret Service, FBI, IRS, and agencies from the UK, Germany, France, Canada, Lithuania, and Ukraine.
BlackSuit, a spinoff of the Royal ransomware gang active since at least 2023, targeted over 450 U.S. victims across healthcare, government, and manufacturing sectors using double-extortion tactics. The group amassed $370 million in ransom payments, with demands ranging from $1 million to $60 million per attack. Among the seized assets was a specific transaction of 49.3 BTC (worth $1.4 million when traced), alongside servers and domain names critical to their operations.
Michael Prado, Deputy Assistant Director at Homeland Security Investigations Cyber Crimes Center, emphasized that disrupting such infrastructure is vital to dismantling ransomware ecosystems. The DOJ noted BlackSuit’s attacks posed significant threats to U.S. critical infrastructure and public safety.