{"id":41926,"date":"2025-08-13T11:01:32","date_gmt":"2025-08-13T11:01:32","guid":{"rendered":"https:\/\/dogewisperer.com\/?p=41926"},"modified":"2025-08-13T11:01:32","modified_gmt":"2025-08-13T11:01:32","slug":"ransomware-empire-falls-feds-strip-blacksuit-of-1-million-in-crypto","status":"publish","type":"post","link":"https:\/\/dogewisperer.com\/?p=41926","title":{"rendered":"Ransomware Empire Falls: Feds Strip BlackSuit Of $1 Million In Crypto"},"content":{"rendered":"
\n

Federal and international law enforcement officers moved in late July to disrupt the BlackSuit ransomware gang<\/a>, seizing servers, domain names and roughly a million dollars in cryptocurrency tied to its operations.<\/p>\n

According to the Justice Department, the action<\/a> included an unsealed warrant for the seizure of digital assets and was led by Homeland Security Investigations with help from the Secret Service, the IRS and the FBI.<\/p>\n

International Law Enforcement Action<\/h2>\n

A statement from the Justice Department says investigators worked with partners in the UK, Germany<\/a>, Ireland, France, Canada, Ukraine and Lithuania to carry out the takedown.<\/p>\n

Michael Prado, deputy assistant director at the Homeland Security Investigations Cyber Crimes Center, said law enforcement aimed to dismantle the systems that let these groups operate, not just pull a few servers offline.<\/p>\n

The move followed other recent steps by the US, including sanctions against a ransomware hosting provider in July.<\/p>\n

\n

Justice Department Announces Coordinated Disruption Actions Against BlackSuit (Royal) Ransomware Operations<\/p>\n

Law Enforcement Seizes Servers, Domains, and Approximately $1 Million In Laundered Proceeds Owned By BlackSuit (Royal) Ransomware<\/p>\n

\u201cThe BlackSuit ransomware gang\u2019s\u2026 pic.twitter.com\/EIXS7X0Su3<\/a><\/p>\n

\u2014 National Security Division, U.S. Dept of Justice (@DOJNatSec) August 11, 2025<\/a><\/p>\n<\/blockquote>\n

Scope Of The BlackSuit Campaign<\/h2>\n

Based on reports, BlackSuit first appeared as a spinoff of the Royal ransomware gang and has been active since at least 2023.<\/p>\n

Officials say the group targeted critical infrastructure<\/a> across sectors \u2014 healthcare, government facilities, manufacturing and commercial sites.<\/p>\n

Since 2022 investigators have linked the gang to more than 450 known victims in the US and reported that it has received over $370 million in ransom payments.<\/p>\n

Ransom demands have typically ranged from about $1 million to $10 million in BTC, and Cybersecurity and Infrastructure Security Agency data lists the largest single demand at $60 million.<\/p>\n


\nHow The Funds Were Traced<\/p>\n

Reports disclose that a 2023 ransom payment of 49 BTC<\/a> \u2014 worth roughly $1.4 million at the time \u2014 was involved in the funds now seized, and that part of that payment was deposited and withdrawn repeatedly from a crypto exchange until the account was frozen in early 2024.<\/p>\n

The DOJ did not name the exchange. Officials say this kind of tracing and cooperation with private firms is what allowed agents to follow the money trail and secure assets connected to the scheme.<\/p>\n

This operation removed infrastructure and recovered roughly $1 million tied to a gang accused of hundreds of attacks and hundreds of millions in ransom takings.<\/p>\n

The clampdown is a strong tactical win and a clear sign that authorities and international partners are working together \u2014 but disruption alone won\u2019t stop every attack.<\/p>\n

Featured image from Bing Create, chart from TradingView<\/em><\/p>\n<\/div>\n","protected":false},"excerpt":{"rendered":"

Federal and international law enforcement officers moved in late July to disrupt the BlackSuit ransomware gang, seizing servers, domain names and roughly a million dollars in cryptocurrency tied to its operations. According to the Justice Department, the action included an unsealed warrant for the seizure of digital assets and was led by Homeland Security Investigations […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"iawp_total_views":0,"footnotes":""},"categories":[2],"tags":[3,4,5],"class_list":["post-41926","post","type-post","status-publish","format-standard","hentry","category-news","tag-crypto","tag-doge","tag-news"],"_links":{"self":[{"href":"https:\/\/dogewisperer.com\/index.php?rest_route=\/wp\/v2\/posts\/41926","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/dogewisperer.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/dogewisperer.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/dogewisperer.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/dogewisperer.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=41926"}],"version-history":[{"count":0,"href":"https:\/\/dogewisperer.com\/index.php?rest_route=\/wp\/v2\/posts\/41926\/revisions"}],"wp:attachment":[{"href":"https:\/\/dogewisperer.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=41926"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/dogewisperer.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=41926"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/dogewisperer.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=41926"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}