Office of Public Affairs Justice Department Announces Coordinated Disruption Actions Against BlackSuit Royal Ransomware Operations United States Department of Justice
pAn official website of the United States governmentppHeres how you knowpp
Official websites use gov
A gov website belongs to an official government organization in the United States
pp
Secure gov websites use HTTPS
A lock
Lock
Locked padlock
or https means youve safely connected to the gov website Share sensitive information only on official secure websites
ppArchived NewsppThe Justice Department announced today coordinated actions against the BlackSuit Royal Ransomware group which included the takedown of four servers and nine domains on July 24 2025 The takedown was conducted by the Department of Homeland Securitys Homeland Security Investigations HSI the US Secret Service IRS Criminal Investigation IRSCI the FBI and international law enforcement from the United Kingdom Germany Ireland France Canada Ukraine and Lithuania These actions include the unsealing of a warrant for the seizure of virtual currency valued at 1091453 at the time of the seizure The unsealing was announced today jointly by the US Attorneys Offices for the Eastern District of Virginia and the District of ColumbiappThe BlackSuit ransomware gangs persistent targeting of US critical infrastructure represents a serious threat to US public safety said Assistant Attorney General for National Security John A Eisenberg The National Security Division is proud to be part of an ongoing team of government agencies and partners working to protect our Nation from threats to our critical infrastructureppThis action exemplifies the forwardleaning disruptionfirst approach we are taking to address this threat said US Attorney Erik S Siebert for the Eastern District of Virginia When it comes to protecting US businesses critical infrastructure and other victims from ransomware and other cyberthreat actors we will pull no punchesppToo often we see the damage ransomware causes to systems that then allows cybercriminals to wreak havoc on corporations and others said US Attorney Jeanine Ferris Pirro for the District of Columbia Whether these criminals target law enforcement other government agencies or private companies my office and our law enforcement partners stand ready to go toetotoe with criminals and make victims wholeppDisrupting ransomware infrastructure is not only about taking down servers its about dismantling the entire ecosystem that enables cybercriminals to operate with impunity said Deputy Assistant Director Michael Prado for HSIs Cyber Crimes Center C3 This operation is the result of tireless international coordination and shows our collective resolve to hold ransomware actors accountableppThis operation strikes a critical blow to BlackSuits infrastructure and operations said Special Agent in Charge William Mancino of the US Secret Services Criminal Investigative Division The US Secret Service is committed to working alongside our law enforcement partners to dismantle criminal enterprises and prevent the deployment of malicious ransomware that victimizes businesses and organizationsppThis announcement demonstrates IRS Criminal Investigations commitment to disrupting the illicit flow of money that enables cyber criminals to illegally launder millions in cryptocurrency said Executive Special Agent in Charge Kareem Carter of the IRSCI Washington Field Office Criminal software like the BlackSuit Ransomware group is deployed to steal extort victims and launder proceeds of these activities IRS Criminal Investigation Washington DC Cyber Crimes Unit will continue to work hand in hand with our law enforcement partners to leverage all available tools to identify apprehend and hold accountable these bad actors and put an end to their illicit activityppAs detailed in an announcement by HSI an operation by US law enforcement in close coordination with international partners successfully seized servers domains and digital assets used by the BlackSuit Ransomware group to deploy ransomware extort victims and launder proceeds of these activities Some of those proceeds included approximately 1091453 in virtual currency valued at the time of the theft which was separately seized by the US Attorneys Office for the District of Columbia using evidence collected by the US Attorneys Office for the Eastern District of Virginia on or about June 21 2024ppAs previously described in a joint FBI and Cybersecurity Infrastructure Security Agency CISA Cybersecurity Advisory BlackSuit Royal ransomware attacks have targeted numerous critical infrastructure sectors including but not limited to critical manufacturing government facilities healthcare and public health and commercial facilities The advisory also describes the tactics techniques and procedures TTPs used and indicators of compromise IOCs to help organizations protect against ransomwareppRoyal victims are typically required to pay ransoms in BTC by accessing a darknet website On or about April 4 2023 a victim paid a ransom of 493120227 Bitcoin to decrypt their data This ransom was worth 144545486 at the time of the transaction A portion of those proceeds 1091453 was repeatedly deposited and withdrawn into a virtual currency exchange account until the funds were frozen by that exchange on or about Jan 9 2024ppHSI the US Secret Service IRSCI and the FBI are investigating the case alongside the United Kingdoms National Crime Agency and Northwest Regional Organized Crime Unit Germanys Landeskriminalamt Niedersachsen Irelands An Garda Síochána Garda National Cyber Crime Bureau Frances Office AntiCybercriminalité Canadas Royal Canadian Mounted Police and Delta Police Department Ukraines National Police Cyber Police Department and Lithuanias Criminal Police BureauppThe government is represented by Assistant US Attorney Laura D Withers for the Eastern District of Virginia Trial Attorney Jacques SingerEmery of the National Security Divisions National Security Cyber Section and Assistant US Attorney Rick Blaylock Jr for the District of ColumbiappNicholas John Roske 29 of Simi Valley California was sentenced today to 97 months in federal prison to be followed by a lifetime of supervised release for attempting to killppLatvian national Oleg Chistyakov aka Olegs Čitsjakovs 56 pleaded guilty today for his role in a yearslong conspiracy to circumvent US export laws by filing false export forms with theppA federal jury today convicted Ryan Wesley Routh 59 of Hawaii for attempting to assassinate President Donald J Trump when he was a major presidential candidate in a sniper attackppOffice of Public AffairsUS Department of Justice950 Pennsylvania Avenue NWWashington DC 20530ppOffice of Public Affairs Direct Line2025142007ppDepartment of Justice Main Switchboard2025142000ppSignup for Email UpdatesSocial MediappppHave a question about Government Servicesp
Official websites use gov
A gov website belongs to an official government organization in the United States
pp
Secure gov websites use HTTPS
A lock
Lock
Locked padlock
or https means youve safely connected to the gov website Share sensitive information only on official secure websites
ppArchived NewsppThe Justice Department announced today coordinated actions against the BlackSuit Royal Ransomware group which included the takedown of four servers and nine domains on July 24 2025 The takedown was conducted by the Department of Homeland Securitys Homeland Security Investigations HSI the US Secret Service IRS Criminal Investigation IRSCI the FBI and international law enforcement from the United Kingdom Germany Ireland France Canada Ukraine and Lithuania These actions include the unsealing of a warrant for the seizure of virtual currency valued at 1091453 at the time of the seizure The unsealing was announced today jointly by the US Attorneys Offices for the Eastern District of Virginia and the District of ColumbiappThe BlackSuit ransomware gangs persistent targeting of US critical infrastructure represents a serious threat to US public safety said Assistant Attorney General for National Security John A Eisenberg The National Security Division is proud to be part of an ongoing team of government agencies and partners working to protect our Nation from threats to our critical infrastructureppThis action exemplifies the forwardleaning disruptionfirst approach we are taking to address this threat said US Attorney Erik S Siebert for the Eastern District of Virginia When it comes to protecting US businesses critical infrastructure and other victims from ransomware and other cyberthreat actors we will pull no punchesppToo often we see the damage ransomware causes to systems that then allows cybercriminals to wreak havoc on corporations and others said US Attorney Jeanine Ferris Pirro for the District of Columbia Whether these criminals target law enforcement other government agencies or private companies my office and our law enforcement partners stand ready to go toetotoe with criminals and make victims wholeppDisrupting ransomware infrastructure is not only about taking down servers its about dismantling the entire ecosystem that enables cybercriminals to operate with impunity said Deputy Assistant Director Michael Prado for HSIs Cyber Crimes Center C3 This operation is the result of tireless international coordination and shows our collective resolve to hold ransomware actors accountableppThis operation strikes a critical blow to BlackSuits infrastructure and operations said Special Agent in Charge William Mancino of the US Secret Services Criminal Investigative Division The US Secret Service is committed to working alongside our law enforcement partners to dismantle criminal enterprises and prevent the deployment of malicious ransomware that victimizes businesses and organizationsppThis announcement demonstrates IRS Criminal Investigations commitment to disrupting the illicit flow of money that enables cyber criminals to illegally launder millions in cryptocurrency said Executive Special Agent in Charge Kareem Carter of the IRSCI Washington Field Office Criminal software like the BlackSuit Ransomware group is deployed to steal extort victims and launder proceeds of these activities IRS Criminal Investigation Washington DC Cyber Crimes Unit will continue to work hand in hand with our law enforcement partners to leverage all available tools to identify apprehend and hold accountable these bad actors and put an end to their illicit activityppAs detailed in an announcement by HSI an operation by US law enforcement in close coordination with international partners successfully seized servers domains and digital assets used by the BlackSuit Ransomware group to deploy ransomware extort victims and launder proceeds of these activities Some of those proceeds included approximately 1091453 in virtual currency valued at the time of the theft which was separately seized by the US Attorneys Office for the District of Columbia using evidence collected by the US Attorneys Office for the Eastern District of Virginia on or about June 21 2024ppAs previously described in a joint FBI and Cybersecurity Infrastructure Security Agency CISA Cybersecurity Advisory BlackSuit Royal ransomware attacks have targeted numerous critical infrastructure sectors including but not limited to critical manufacturing government facilities healthcare and public health and commercial facilities The advisory also describes the tactics techniques and procedures TTPs used and indicators of compromise IOCs to help organizations protect against ransomwareppRoyal victims are typically required to pay ransoms in BTC by accessing a darknet website On or about April 4 2023 a victim paid a ransom of 493120227 Bitcoin to decrypt their data This ransom was worth 144545486 at the time of the transaction A portion of those proceeds 1091453 was repeatedly deposited and withdrawn into a virtual currency exchange account until the funds were frozen by that exchange on or about Jan 9 2024ppHSI the US Secret Service IRSCI and the FBI are investigating the case alongside the United Kingdoms National Crime Agency and Northwest Regional Organized Crime Unit Germanys Landeskriminalamt Niedersachsen Irelands An Garda Síochána Garda National Cyber Crime Bureau Frances Office AntiCybercriminalité Canadas Royal Canadian Mounted Police and Delta Police Department Ukraines National Police Cyber Police Department and Lithuanias Criminal Police BureauppThe government is represented by Assistant US Attorney Laura D Withers for the Eastern District of Virginia Trial Attorney Jacques SingerEmery of the National Security Divisions National Security Cyber Section and Assistant US Attorney Rick Blaylock Jr for the District of ColumbiappNicholas John Roske 29 of Simi Valley California was sentenced today to 97 months in federal prison to be followed by a lifetime of supervised release for attempting to killppLatvian national Oleg Chistyakov aka Olegs Čitsjakovs 56 pleaded guilty today for his role in a yearslong conspiracy to circumvent US export laws by filing false export forms with theppA federal jury today convicted Ryan Wesley Routh 59 of Hawaii for attempting to assassinate President Donald J Trump when he was a major presidential candidate in a sniper attackppOffice of Public AffairsUS Department of Justice950 Pennsylvania Avenue NWWashington DC 20530ppOffice of Public Affairs Direct Line2025142007ppDepartment of Justice Main Switchboard2025142000ppSignup for Email UpdatesSocial MediappppHave a question about Government Servicesp
