The United States Department of Justice has revealed that the recent takedown of the BlackSuit ransomware gang's servers, domains, and dark web extortion site also saw the seizure of US $1,091,453 worth of cryptocurrency.
The DOJ's press release describes how law enforcement agencies around the world - including the United States, UK, Canada, Germany, Ireland, and France - joined forces in an operation to seize four servers and nine domains associated with the gang behind the BlackSuit ransomware on July 24.
Last year, a joint advisory issued by CISA and the FBI warned organisations that the BlackSuit ransomware gang had demanded more than half a billion dollars from its victims in less than two years - after encrypting systems and threatening to release files on the dark web if payment was not made.
A BlackSuit ransomware attack often culminates in a demand for between approximately one million and 10 million dollars, with payment requested in Bitcoin. The largest known individual ransom demand was for an eye-watering US $60 million.
In its press release, the US Department of Justice shared some details of how it had managed to seize US $1,091,453 worth of cryptocurrency extorted from a ransomware victim.
It explains that on or about April 4, 2023, a victim paid 49.3120227 Bitcoin after having their data encrypted by a ransomware attack. At the time of the transaction, the payment was worth US $1,445,454.86. A portion of those proceeds (US $1,091,453) was, according to the DOJ, repeatedly deposited into and withdrawn from a cryptocurrency exchange account until the funds were frozen by the exchange in January 2024.
Of course, it's easy to consider the seizure of just over US $1 million worth of cryptocurrency a drop in the ocean compared to the riches made by the cybercriminals.
Nonetheless, investigations into the activities of the BlackSuit ransomware gang will be welcomed by the more than 450 known victims in the United States alone, who include organisations in the healthcare, education, public safety, energy and government sectors.
The BlackSuit criminal operation first emerged in May 2023, and has strong links to the Royal ransomware gang that launched attacks on US healthcare, and which itself was born out of the remains of the notorious Russian Conti group.
As we explained last month, Bitdefender assisted the multi-national operation to disrupt the activities of the ransomware group, as part of its ongoing commitment to fighting cybercrime - where it assists law enforcement, monitors the dark web, and develops ransomware decryptors.
If you haven't done so already, you should really check out "Cybercrime: From the Frontline" - Bitdefender's video podcast series which brings expert insights into the latest cyber threats.
Graham Cluley is an award-winning security blogger, researcher and public speaker. He has been working in the computer security industry since the early 1990s.