- Multiple law enforcement organizations joined forces to disrupt BlackSuit
- The ransomware operators had several websites seized
- No arrests were made
The notorious BlackSuit ransomware operation has had its infrastructure disrupted by a major law enforcement campaign.
As part of the action, the main BlackSuit website, accessible via The Onion Router (Tor), was defaced and left with a banner of the kind police typically display after a seizure.
“This site has been seized by U.S. Homeland Security Investigations as part of a coordinated international law enforcement investigation,” the banner said.
Medusa claims responsibility
US Homeland Security, the US Department of Justice (DOJ), the FBI and other agencies have not yet published an official announcement concerning the takedown, but the DOJ confirmed that the action was part of Operation Checkmate.
In addition to the main site, other websites (including the leak site and the negotiation site) have also been closed.
It was an international operation, carried out by the U.S. Secret Service, the Dutch National Police, the German State Criminal Police Office, the National Crime Agency, the Frankfurt General Public Prosecutor's Office, the Department of Justice, Ukrainian authorities, Europol and others.
Bitdefender, a private cybersecurity company, also helped, saying: “We congratulate our law enforcement partners for their coordination and determination. Operations like this strengthen the essential role of public-private partnerships in monitoring, exposing and, ultimately, dismantling ransomware groups that work in the shadows.”
A report by the U.S. Department of Health and Human Services published at the end of November 2023 said that BlackSuit had been spotted for the first time that same year, showing “striking parallels with Royal, the direct successor of the former Russian-linked Conti operation”.
Unfortunately, taking down websites and seizing infrastructure rarely stops ransomware attacks; it only slows them down a bit. It generally takes threat actors a few weeks to recover and continue where they left off, and they generally will not stop until they are arrested.
Via BleepingComputer