Feds Confiscate Millions in Bitcoin from Emerging Ransomware Group

Alina BÎZGĂ

August 01, 2025


The FBI has announced the seizure of over $1.7 million worth of crypto from an affiliate of the emerging Chaos ransomware group.

The agency confiscated 20.28 BTC in proceeds linked to a ransomware operator known as “Hors,” according to the FBI’s Dallas Field Office. The seizure took place April 15 and was formally recorded July 24 via a civil forfeiture complaint from the US Department of Justice.

"The seized funds were traced to a cryptocurrency address allegedly associated with a member of the Chaos ransomware group, known as 'Hors,' who has been tied to ransomware attacks against victims here in the Northern District of Texas and elsewhere," the FBI said in a post on X (formerly Twitter).

The crypto is now valued at over $2.4 million, and allegedly constitutes property involved in money laundering and extortion in relation to ransomware attacks, according to the DOJ’s statement.

Chaos is a relatively new ransomware-as-a-service group, generally believed to be a descendant of notorious ransomware gangs such as Conti / BlackSuit. The gang’s double-extortion tactics target victims on multiple platforms and demand ransom via encrypted Tor-based communications. Like its predecessors, Chaos aims to encrypt files, exfiltrate sensitive data, and pressure victims with public exposure if payments aren’t made.

Why Small Businesses Should Pay Attention

While headlines often highlight ransomware attacks on large enterprises, very small businesses and solo entrepreneurs are increasingly in the crosshairs because they often lack dedicated cybersecurity personnel or rely on third-party IT providers that may not adhere to proper security protocols.

A Tailored Solution for Small Businesses

Bitdefender offers a powerful, easy-to-deploy security solution designed specifically for small companies with no dedicated IT team.
Bitdefender Ultimate Small Business Security offers advanced threat detection, ransomware mitigation, web threat protection, and device management, empowering business owners to focus on growth and not breaches.

Crypto Recovery Scams Could Follow the News

Following major asset seizures, fraudsters often re-exploit victims by posing as law enforcement or third-party “recovery specialists.” With headlines now circulating about the FBI’s $2.4 million seizure, we can expect a new wave of “refund scam” emails claiming:

"You may be eligible for a refund of seized funds from a ransomware operation. Please confirm your wallet address and ID to process your recovery."

These emails often spoof FBI communications, include official-looking logos, and request sensitive information or payment upfront. The FBI has explicitly warned victims not to trust unsolicited communications. Real law enforcement agencies will never email you with refund promises tied to seizures without first contacting you through formal channels.

To stay protected:

  • Do not engage with unsolicited recovery offers
  • Do not send personal details, crypto wallets, or upfront fees
  • Report suspicious contact to the FBI’s Internet Crime Complaint Center (ic3.gov)

Learn more in this article: FBI Warns of Crypto Recovery Scams Targeting Ransomware Victims

Author


Alina BÎZGĂ

Alina is a history buff passionate about cybersecurity and anything sci-fi, advocating Bitdefender technologies and solutions. She spends most of her time between her two feline friends and traveling.
