BlackSuit ransomware extortion sites seized in Operation Checkmate

Law enforcement has seized the dark web extortion sites of the BlackSuit ransomware operation, which has targeted and breached the networks of hundreds of organizations worldwide over the past several years.

The U.S. Department of Justice confirmed the takedown in an email earlier today, saying the authorities involved in the action executed a court-authorized seizure of the BlackSuit domains.

Earlier today, the websites on the BlackSuit .onion domains were replaced with seizure banners announcing that the ransomware gang's sites were taken down by the U.S. Homeland Security Investigations federal law enforcement agency as part of a joint international action codenamed Operation Checkmate.

"This site has been seized by U.S. Homeland Security Investigations as part of a coordinated international law enforcement investigation," the banner reads.

BleepingComputer has confirmed that the seized sites include dark web data leak blogs and negotiation sites used to extort victims into paying ransom demands.

Other law enforcement authorities that participated in this joint operation include the U.S. Secret Service, the Dutch National Police, the German State Criminal Police Office, the U.K. National Crime Agency, the Frankfurt General Prosecutor's Office, the Justice Department, the Ukrainian Cyber Police, Europol, and others.

A spokesperson for Romanian cybersecurity company Bitdefender also told BleepingComputer that its cybercrime unit, known as Draco Team, provided cybersecurity consulting and guidance to law enforcement partners throughout Operation Checkmate.

"We commend our law enforcement partners for their coordination and determination. Operations like this reinforce the critical role of public-private partnerships in tracking, exposing, and ultimately dismantling ransomware groups that operate in the shadows," Bitdefender said.

On Thursday, the Cisco Talos threat intelligence research group reported that it had found evidence suggesting the BlackSuit ransomware gang is likely to rebrand itself once again as Chaos ransomware.

"Talos assesses with moderate confidence that the new Chaos ransomware group is either a rebranding of the BlackSuit (Royal) ransomware or operated by some of its former members," the researchers said.

"This assessment is based on the similarities in TTPs, including encryption commands, the theme and structure of the ransom note, and the use of LOLbins and RMM tools in their attacks."

BlackSuit started as Quantum ransomware in January 2022 and is believed to be a direct successor to the notorious Conti cybercrime syndicate. While they initially used encryptors from other gangs (such as ALPHV/BlackCat), they deployed their own Zeon encryptor soon after and rebranded as Royal ransomware in September 2022.

In June 2023, after targeting the City of Dallas, Texas, the Royal ransomware gang began working under the BlackSuit name, following the testing of a new encryptor called BlackSuit amid rumors of a rebranding.

CISA and the FBI first revealed in a November 2023 joint advisory that Royal and BlackSuit share similar tactics, while their encryptors exhibit obvious coding overlaps. The same advisory linked the Royal ransomware gang to attacks targeting over 350 organizations worldwide since September 2022, resulting in ransom demands exceeding $275 million.

The two agencies confirmed in August 2024 that the Royal ransomware had rebranded as BlackSuit and had demanded over $500 million from victims since surfacing more than two years prior.

Update 7/24/25: Updated article to include that negotiation sites were seized as well.