Ransomware

Operation Checkmate shuts down BlackSuit’s extortion sites


The U.S. Department of Justice has announced the takedown of the dark web extortion sites of the BlackSuit ransomware gang as part of a global law enforcement operation dubbed Operation Checkmate, reports BleepingComputer.

BleepingComputer confirmed that multiple BlackSuit .onion domains were seized, including data leak blogs and negotiation portals used to pressure victims into paying ransom demands. These sites now display seizure notices from U.S. Homeland Security Investigations. The coordinated operation included the U.S. Secret Service, the U.K. National Crime Agency, the Dutch National Police, the Frankfurt General Prosecutor's Office, the German State Criminal Police Office, and Europol, with support from cybersecurity firm Bitdefender.

BlackSuit, previously known as Quantum and Royal, is linked to the defunct Conti syndicate. Cisco Talos reported on Thursday that evidence suggests the ransomware group is likely to rebrand itself once again as Chaos ransomware. "Talos assesses with moderate confidence that the new Chaos ransomware group is either a rebranding of the BlackSuit (Royal) ransomware or operated by some of its former members," the researchers said.

BlackSuit and its predecessors have targeted more than 350 victims in total since 2022, and have demanded more than $500 million in ransom payments. The FBI and CISA have previously warned of the gang's strategic changes and overlaps in code base, and have continued to warn about their ongoing risk to global cybersecurity.
