12:04 PM PDT · August 11, 2025

The U.S. Department of Justice announced on Monday it has seized the servers and $1 million in bitcoin from the prolific Russian ransomware gang behind the BlackSuit and Royal malware. 

According to the press release, a coalition of global law enforcement agencies, including from the U.S., Canada, Germany, Ireland, France, U.K., and others, seized four servers and nine domains on July 24. In addition, authorities also seized around $1 million in cryptocurrency. 

BlackSuit and Royal are two different types of ransomware, believed to be developed by the same Russian cybercriminal gang that has targeted critical infrastructure in the United States and beyond. 

“BlackSuit actors have demanded over $500 million USD in total and the largest individual ransom demand was $60 million,” the U.S. cybersecurity agency CISA said in an advisory last year. 

“The BlackSuit ransomware gang’s persistent targeting of U.S. critical infrastructure represents a serious threat to U.S. public safety,” Assistant Attorney General for National Security John A. Eisenberg said in the press release. 

According to ICE’s Homeland Security Investigations, which led the investigation, Royal and BlackSuit have compromised more than 450 victims in the U.S., “including entities in the healthcare, education, public safety, energy and government sectors.” And, in total, the cybercriminals have earned more than $370 million in ransom payments since 2022. 

The recovered bitcoin was recovered from a digital currency exchange account, whose funds were frozen in January of last year, according to the announcement. 

We’re always looking to evolve, and by providing some insight into your perspective and feedback into TechCrunch and our coverage and events, you can help us! Fill out this survey to let us know how we’re doing and get the chance to win a prize in return!

Topics

View Bio