US DoJ Leads International Crackdown on Cybercrime Network

  • Writer: OpusDatum
  • Aug 11

The Justice Department has announced a major international law enforcement operation against the BlackSuit (Royal) ransomware group, disrupting its global infrastructure and seizing over $1 million in illicit cryptocurrency proceeds. The coordinated takedown on 24 July 2025 involved the removal of four servers and nine domains used by the cybercriminal gang, alongside the unsealing of a warrant for virtual currency valued at $1,091,453 at the time of seizure.


The joint action brought together the Department of Homeland Security’s Homeland Security Investigations (HSI), the US Secret Service, IRS Criminal Investigation (IRS-CI), the FBI, and law enforcement agencies from the United Kingdom, Germany, Ireland, France, Canada, Ukraine, and Lithuania.


BlackSuit, previously known as Royal, has been linked to persistent ransomware attacks on critical infrastructure, including manufacturing, healthcare, public health, government facilities, and commercial sectors. Victims are typically forced to pay ransoms in Bitcoin via darknet portals, with individual payments exceeding $1.4 million. The group has been known to launder ransom payments through repeated deposits and withdrawals across cryptocurrency exchanges, a method targeted in this operation.


Law enforcement officials have framed the takedown as a decisive step in dismantling the ransomware ecosystem. Senior Justice Department figures stressed the shift towards a disruption-first strategy, with a focus on neutralising infrastructure, undermining financial networks, and preventing further attacks.


Investigators from multiple jurisdictions traced ransom funds, including a high-value April 2023 payment, ultimately freezing accounts and recovering assets in January 2024. Authorities emphasised that alongside server seizures, depriving ransomware operators of financial resources is critical to undermining their operations.


The operation underscores the growing emphasis on cross-border cybercrime enforcement, leveraging intelligence sharing, asset recovery, and technical takedowns to counter ransomware threats. The case is being prosecuted by the US Attorneys’ Offices for the Eastern District of Virginia and the District of Columbia, with support from the Justice Department’s National Security Division.


With ransomware groups evolving their tactics, law enforcement agencies are urging businesses, public bodies, and critical service providers to adopt robust cybersecurity measures and remain vigilant to emerging threats.


Read the press release here.