Shock for cybercriminals: Ransomware group smashed Blacksuit!

Shock for cybercriminals: Ransomware group smashed Blacksuit!

Dallas, USA - In July 2025, the machinations of the dreaded Ransomware Group Blacksuit, which was previously known as Royal, were successfully stopped by international investigators. This was done as part of the "Checkmate" operation, in which a number of partner authorities, including the LKA Lower Saxony, deliberately bound communication and the spread of their malware in the Darknet. This group was considered highly professional and did not act as a ransomware-as-a-service, but developed its own tools and methods to target companies with high sales.

The double extortion method, which perfected Blacksuit, was particularly perfidious. In this procedure, data was not only encrypted, but also stolen, which increased the pressure on the victims enormously. Even if companies had backups, the publication of sensitive information on so -called shameblogs in the Darknet threatened. Between 2022 and 2025, Blacksuit compromised over 450 organizations in the United States, including well -known cities and companies, and blackmailed more than $ 500 million in the form of ransom. A remarkable business that reported its criminal activities to the next stage, such as b2b-cyber-security.de.

a huge blow against cybercrime

The international cooperation in the disgrace of Blacksuit was supported by several law enforcement agencies, such as the US Secret Service, the Dutch National Police, the British National Crime Agency and Europol. This multifunctional effort meant that numerous Dark Web pages, including the main page of Blacksuit, were confiscated. On these pages, the victims were threatened and confronted with ransom demands. The main website was even provided with a reference banner that indicates the confiscation by the US Homeland Security Investigations. However, there were no arrests, such as techradar.com reported.

During this operation, large amounts of data were secured to identify other members of the group. Initial indications indicate that parts of the group may already appear again under the name chaos with similar tactics and tools. This shows once again how changeable these criminal organizations are. It remains to be seen which measures can be taken to prevent repeating your activities.

ransomware trends in 2025

The breakdown of Blacksuit is an important milestone in the fight against organized cyber crime, especially in view of the current trends in the area of ransomware attacks. According to a current report, Ransomware is now accounting for 44 percent of all incidental incose cases. Companies are often affected, especially in the manufacturing sector and healthcare. In addition, the investigation shows that 96 percent of ransomware cases included data exiltration and that the average ransom request is around 600,000. However, companies that rely on professional Ransom negotiators can reduce the required amounts by astonishing 36 percent, as a report on security-insider.de Displays.