The U.S. Department of Justice announced Monday that it had seized servers and $1 million in Bitcoin from the prolific Russian ransomware gang behind the black suits and royal malware.
According to a press release, a coalition of global law enforcement agencies, including the US, Canada, Germany, Ireland, France, and the UK, seized four servers and nine domains on July 24th. Additionally, authorities seized about $1 million in cryptocurrency.
Blacksuit and Royal are two different ransomware believed to have been developed by the same Russian cybercrime gang targeting critical infrastructure in the US and beyond.
“The Blacksuit actor has requested more than $500 million in total, with the biggest personal ransom demand of $60 million,” the US cybersecurity agency CISA said in its recommendation last year.
“The permanent targeting of US critical infrastructure for black suit ransomware gangs represents a serious threat to US public safety,” National Security Advisor John A. Eisenberg said in a press release.
Royal and Blacksuits compromised more than 450 US victims, according to ICE's Homeland Security Survey, which led the investigation. In total, cybercriminals have also earned ransom payments of more than $370 million since 2022.
The recovered Bitcoin was recovered from a digital currency exchange account where funds were frozen in January last year, according to the announcement.
TechCrunch Events
San Francisco | October 27-29, 2025
We are constantly aiming to evolve and you can help us by providing insights into TechCrunch and your perspective and feedback on our coverage and events! Fill in this research to let us know how we are doing and get the opportunity to win an award in return!