A coordinated international law enforcement operation, dubbed “Operation Checkmate,” has successfully seized the dark web infrastructure of the notorious BlackSuit ransomware group. The takedown, a significant blow to the cybercriminal enterprise, was the result of a collaborative effort involving the U.S. Department of Homeland Security and other global partners. The seized websites, which included the gang’s data leak and negotiation portals, now display a notice confirming the law enforcement action. This disruption deals a major setback to BlackSuit’s ability to extort victims and leak their stolen data.
BlackSuit is allegedly a rebranding of the infamous Royal and Conti ransomware gangs, known for their aggressive double-extortion tactics. The group would first infiltrate a victim’s network, exfiltrate sensitive data, and then encrypt the organization’s files, rendering them inaccessible. A ransom would then be demanded for the decryption key and the deletion of the stolen information. BlackSuit has been linked to numerous attacks across various critical sectors, causing significant financial and operational damage to its victims worldwide.
Some of the recent victims of the BlackSuit ransomware group allegedly include:
- 🇺🇸 CDK Global: A major provider of software to car dealerships across North America. The attack caused widespread disruption to the automotive retail industry.
- 🇯🇵 Kadokawa Corporation: A large Japanese media and entertainment company. The attack resulted in the theft of a significant amount of data.
- 🇨🇭 Octapharma Plasma: A Swiss-based healthcare company specializing in plasma collection.
- 🇺🇸 Kansas City Aviation Center: A full-service aviation company in the United States.
- 🇧🇷 Government of Brazil: Various government portals were reportedly targeted by the ransomware group.
