An international law enforcement operation succeeded in seizing the dark web sites of the BlackSuit ransomware group. The takedown covers BlackSuit’s negotiation and data leak websites, after a court order approved the seizure.
The dark websites now display banners informing visitors that U.S. Homeland Security Investigations has seized the web properties as part of Operation CheckMate. Some law enforcement partners helped with the operation, such as the Federal Bureau of Investigation (FBI), U.S. Department of Justice, the U.S. Office of Foreign Assets Control (OFAC), the UK National Crime Agency, Europol, and law enforcement bureaus in Canada, Ukraine, Ireland, Germany, Lithuania, and France. The Romanian cybersecurity company BitDefender likewise helped during the operation. The authorities have not announced the operation or any other accomplishments.
BlackSuit ransomware initially showed up in June 2023 after a rebrand and an attack in Dallas, Texas. From September 2022 to June 2023, the group was called Royal. Before that time, Royal was called Quantum and was thought to have been founded by some members of the Conti ransomware group. The BlackSuit group has had over 180 victims (perhaps including HIPAA-compliant entities) around the world in addition to the more than 350 victims it had as the Royal ransomware group.
Although the takedown is wonderful news, researchers have indicated that BlackSuit may have relaunched or that ex-members of BlackSuit have created a different group, known as Chaos ransomware. Cisco Talos researchers mentioned in their blog post on June 24, 2025 that they have evaluated with reasonable confidence that members of the BlackSuit ransomware group formed the new group because of the resemblances in the encryption strategy, ransom note, and toolset employed in attacks. Chaos has already performed no less than ten attacks, primarily in America. The new group doesn’t seem to be focusing on any particular industries.
The seizure of BlackSuit’s facilities represents another milestone in the struggle against organized cybercrime, thanks to law enforcement partners for their support and dedication. Operations such as this strengthen the important role of public-private sector initiatives in monitoring, unveiling, and taking down ransomware groups. When global skills are aligned correctly, cybercriminals have fewer places to go.