The U.S. Department of Justice announced on Monday that it had seized servers and $1 million worth of Bitcoin from the Russian ransomware gang behind the BlackSuit and Royal malware. According to a press release, a global coalition of law enforcement agencies including the United States, Canada, Germany, Ireland, France, the United Kingdom and other countries seized four servers and nine domain names on July 24. In addition, authorities also seized approximately $1 million in cryptocurrency. 

bc358143-a289-4a30-92f2-c977eab24188.png

BlackSuit and Royal are two different types of ransomware believed to have been developed by the same Russian cybercriminal gang that targets critical infrastructure in the United States and beyond. 

The U.S. cybersecurity agency CISA said in an advisory report last year: "The total ransom demanded by BlackSuit attackers exceeds $500 million, with the largest ransom demand being $60 million."

"The BlackSuit ransomware gang's continued attacks on U.S. critical infrastructure pose a serious threat to U.S. public safety," Assistant Attorney General for National Security John Eisenberg said in a press release.

Royal and BlackSuit have compromised more than 450 victims in the United States, "including entities in the healthcare, education, public safety, energy and government sectors," according to U.S. Immigration and Customs Enforcement (ICE) Homeland Security Investigations, which is leading the investigation. In total, these cybercriminals have received more than $370 million in ransom payments since 2022. 

The announcement stated that the recovered Bitcoins were recovered from a digital currency trading account whose funds were frozen in January last year.