
Just a sample of the Echomail archive


 Message 1551 
 Mike Powell to All 
 Checkmate disrupts BlackS 
 28 Jul 25 15:25:45 
 
TZUTC: -0500
MSGID: 1285.consprcy@1:2320/105 2ced17ce
PID: Synchronet 3.21a-Linux master/123f2d28a Jul 12 2025 GCC 12.2.0
TID: SBBSecho 3.28-Linux master/123f2d28a Jul 12 2025 GCC 12.2.0
BBSID: CAPCITY2
CHRS: ASCII 1
FORMAT: flowed
Top ransomware group BlackSuit has dark web extortion sites seized and shut
down

Date:
Mon, 28 Jul 2025 16:09:00 +0000

Description:
Operation Checkmate successfully disrupted BlackSuit, but for how long?

FULL STORY

Notorious ransomware operator BlackSuit has had its infrastructure disrupted
by a major law enforcement campaign. 

As part of the action, BlackSuit's main website, accessed through The Onion
Router (TOR), was defaced and left with a banner usually propped up by law
enforcement after domain seizure. 

"This site has been seized by U.S. Homeland Security Investigations as part 
of a coordinated international law enforcement investigation," the banner
said.

Medusa claims responsibility 

US Homeland Security, the US Department of Justice (DoJ), the FBI, and other
agencies have not yet published an official announcement regarding the
takedown, but the DoJ has confirmed the action was part of Operation
Checkmate. 

Besides the main site, other websites (including the leak site and 
negotiation site) were also shut down. 

This was an international operation, conducted by the US Secret Service, the
Dutch National Police, the German State Criminal Police Office, the UK
National Crime Agency, the Frankfurt General Prosecutor's Office, the Justice
Department, the Ukrainian Cyber Police, Europol, and others. 

Bitdefender, a private cybersecurity company, also assisted, saying, "We
commend our law enforcement partners for their coordination and 
determination. Operations like this reinforce the critical role of
public-private partnerships in tracking, exposing, and ultimately dismantling
ransomware groups that operate in the shadows." 

A US Department of Health and Human Services report published in late 
November 2023 said BlackSuit was first spotted in May that year, showing
striking parallels with Royal, the direct successor of the former notorious
Russian-linked Conti operation. 

Unfortunately, taking down websites and seizing infrastructure rarely stops
ransomware attacks - it just slows them down a little bit. It usually takes a
few weeks for threat actors to recover and continue where they left off, and
usually won't stop until they are arrested.

 Via BleepingComputer

======================================================================
Link to news story:
https://www.techradar.com/pro/security/top-ransomware-group-blacksuit-has-dark-web-extortion-sites-seized-and-shut-down

--- SBBSecho 3.28-Linux
 * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)
SEEN-BY: 105/81 106/201 128/187 129/14 305 153/7715 154/110 218/700
SEEN-BY: 226/30 227/114 229/110 111 206 300 307 317 400 426 428 664
SEEN-BY: 229/700 705 266/512 291/111 320/219 322/757 342/200 396/45
SEEN-BY: 460/58 712/848 902/26 2320/0 105 304 3634/12 5075/35
PATH: 2320/105 229/426



(c) 1994,  bbs@darkrealms.ca