The US Seizes $1 Million in Bitcoin from Russian Ransomware Group Along with Associated Servers

BlockBeats News, August 12, US and international law enforcement agencies seized 4 servers, 9 domain names, and approximately $1 million in bitcoin related to a notorious Russian ransomware group accused of attacking hundreds of organizations across key sectors.

The US Department of Justice stated that the operation took place on July 24 and was jointly carried out by agencies from the US, Canada, Germany, Ireland, France, the UK, Ukraine, Lithuania, and other countries, targeting infrastructure related to the BlackSuit and Royal ransomware. Investigators believe that these two ransomware variants were developed by the same cybercriminal group.

Authorities said that since 2022, the group has extorted over $500 million in ransom payments, with a single largest ransom reaching $60 million. It is alleged that during this time, they targeted over 450 victims in the US, including hospitals, schools, police departments, energy companies, and government agencies, illicitly profiting at least $370 million.

The seized cryptocurrency in this case was valued at $1,091,453 at the time of confiscation and originated from a digital wallet frozen by a trading platform in January 2024. According to court documents, this fund included a partial bitcoin ransom payment made by a victim in April 2023, totaling $1.45 million.

Victims of BlackSuit and Royal are often demanded to pay ransom in bitcoin through dark web portals. Cybersecurity officials warn that operators of such malware often employ intimidation tactics along with sophisticated data exfiltration techniques, making data recovery difficult without paying the ransom.