Top ransomware group BlackSuit has dark web extortion sites seized and shut down
Date:
Mon, 28 Jul 2025 16:09:00 +0000
Description:
Operation Checkmate successfully disrupted BlackSuit, but for how long?
FULL STORY
Notorious ransomware operator BlackSuit has had its infrastructure disrupted by a major law enforcement campaign.
As part of the action, BlackSuit's main website, accessed through The Onion Router (TOR), was defaced and left with the kind of banner law enforcement usually puts up after a domain seizure.
"This site has been seized by U.S. Homeland Security Investigations as part of a coordinated international law enforcement investigation," the banner said.
Medusa claims responsibility
US Homeland Security, the US Department of Justice (DoJ), the FBI, and other agencies have not yet published an official announcement regarding the takedown, but the DoJ has confirmed the action was part of Operation Checkmate.
Besides the main site, other websites (including the leak site and negotiation site) were also shut down.
This was an international operation, conducted by the US Secret Service, the Dutch National Police, the German State Criminal Police Office, the UK National Crime Agency, the Frankfurt General Prosecutor's Office, the Justice Department, the Ukrainian Cyber Police, Europol, and others.
Bitdefender, a private cybersecurity company, also assisted, saying, "We commend our law enforcement partners for their coordination and determination. Operations like this reinforce the critical role of public-private partnerships in tracking, exposing, and ultimately dismantling ransomware groups that operate in the shadows."
A US Department of Health and Human Services report published in late November 2023 said BlackSuit was first spotted in May that year, showing striking parallels with Royal, the direct successor of the former notorious Russian-linked Conti operation.
Unfortunately, taking down websites and seizing infrastructure rarely stops ransomware attacks - it just slows them down a little bit. It usually takes a few weeks for threat actors to recover and continue where they left off, and they usually won't stop until they are arrested.
Via BleepingComputer
======================================================================
Link to news story:
https://www.techradar.com/pro/security/top-ransomware-group-blacksuit-has-dark-web-extortion-sites-seized-and-shut-down
--- SBBSecho 3.28-Linux
* Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)