BlackSuit dismantled
BlackSuit dismantled: how one of the most active ransomware groups was brought down
On July 25, the international operation Checkmate (involving Europol, the FBI, HSI, and the Ukrainian cyber police) seized the darknet portals of BlackSuit, a ransomware group linked to Royal and Conti.
Why is this important?
BlackSuit had extorted tens of millions of dollars, causing an estimated $500 million in damage. Its double extortion model (encrypt + threaten to leak) was rendered powerless after its infrastructure was seized. Without Tor portals or communication channels, the group lost its ability to pressure victims.
A key detail: BlackSuit was not just a "group similar" to Royal... it was its direct heir, with a 98-99% match in its code base.
An analysis of all entries in the BlackSuit group's victim list on Breach House identified 154 cases with a defined country:
The United States accounts for the absolute majority with around 65% of victims.
It is followed by the United Kingdom (6%), Canada (4%), and several European countries with smaller percentages.
This case demonstrates how ransomware evolves, mutates, and resurfaces under new names. Today it is BlackSuit, yesterday it was Royal and Conti... and tomorrow?
At Darkeye Industries, we follow them closely, collecting and updating the data leaked by these groups in real time.
Because understanding the history of ransomware is not just curiosity: it is anticipating what is to come.
Discover all attacks and leaks and check if your data has been compromised at:
Breach House | HaveIbeenransomed?