Royal and BlackSuit ransomware groups target more than 450 companies in the United States.
The U.S. Department of Homeland Security (DHS) reported that the cybercrime gang responsible for the Royal and BlackSuit ransomware operations had breached hundreds of U.S. companies prior to its takedown last month. Homeland Security Investigations (HSI), the DHS’s primary investigative arm, collaborated with international law enforcement to dismantle the group’s infrastructure. The cybercriminals reportedly amassed over $370 million from their victims. Since 2022, the Royal and BlackSuit ransomware groups have compromised more than 450 known victims across various sectors, including healthcare, education, public safety, energy, and government. Their ransomware schemes employed double-extortion tactics, encrypting victims’ systems while threatening to leak stolen data to further compel payment.
The U.S. Department of Justice confirmed on July 24 that law enforcement seized BlackSuit’s dark web extortion domains, replacing the contents of the gang’s leak sites with seizure banners as part of a joint international operation codenamed Operation Checkmate. The cybercrime group initially emerged as Quantum ransomware in January 2022 and was believed to be a successor to the notorious Conti cybercrime syndicate. After developing their own Zeon encryptor, they rebranded as Royal ransomware in September 2022. Following a series of attacks, including one on the City of Dallas, the group switched to the BlackSuit brand in June 2023. Recent advisories from CISA and the FBI linked the Royal ransomware gang to over 350 global attacks, resulting in ransom demands exceeding $275 million. Following the dismantling of BlackSuit’s infrastructure, Cisco Talos identified evidence suggesting the group may rebrand itself as Chaos ransomware, employing voice-based social engineering and targeting both local and remote storage for maximum impact.
Categories: Cybercrime, Ransomware Operations, Law Enforcement Actions
Tags: Cybercrime, Ransomware, Royal, BlackSuit, DHS, HSI, Double-Extortion, Cryptocurrency, Operation Checkmate, Chaos