TZUTC: -0500   
   MSGID: 1285.consprcy@1:2320/105 2ced17ce   
   PID: Synchronet 3.21a-Linux master/123f2d28a Jul 12 2025 GCC 12.2.0   
   TID: SBBSecho 3.28-Linux master/123f2d28a Jul 12 2025 GCC 12.2.0   
   BBSID: CAPCITY2   
   CHRS: ASCII 1   
   FORMAT: flowed   
   Top ransomware group BlackSuit has dark web extortion sites seized and shut   
   down   
      
   Date:   
   Mon, 28 Jul 2025 16:09:00 +0000   
      
   Description:   
   Operation Checkmate successfully disrupted BlackSuit, but for how long?   
      
   FULL STORY   
      
   Notorious ransomware operator BlackSuit has had its infrastructure disrupted   
   by a major law enforcement campaign.    
      
   As part of the action, BlackSuits main website, accessed through The Onion   
   Router (TOR), was defaced and left with a banner usually propped up by law   
   enforcement after domain seizure.    
      
   "This site has been seized by U.S. Homeland Security Investigations as part    
   of a coordinated international law enforcement investigation," the banner   
   said.   
      
   Medusa claims responsibility    
      
   US Homeland Security, the US Department of Justic (DoJ), the FBI, and other   
   agencies have not yet published an official announcement regarding the   
   takedown, but the DoJ has confirmed the action was part of Operation   
   Checkmate.    
      
   Besides the main site, other websites (including the leak site and    
   negotiation site) were also shut down.    
      
   This was an international operation, conducted by the US Secret Service, the   
   Dutch National Police, the German State Criminal Police Office, the UK   
   National Crime Agency, the Frankfurt General Prosecutor's Office, the Justice   
   Department, the Ukrainian Cyber Police, Europol, and others.    
      
   Bitdefender, a private cybersecurity company, also assisted, saying, "We   
   commend our law enforcement partners for their coordination and    
   determination. Operations like this reinforce the critical role of   
   public-private partnerships in tracking, exposing, and ultimately dismantling   
   ransomware groups that operate in the shadows."    
      
   A US Department of Health and Human Services report published in late    
   November 2023 said BlackSuit was first spotted in May that year, showing   
   striking parallels with Royal, the direct successor of the former notorious   
   Russian-linked Conti operation.    
      
   Unfortunately, taking down websites and seizing infrastructure rarely stops   
   ransomware attacks - it just slows them down a little bit. It usually takes a   
   few weeks for threat actors to recover and continue where they left off, and   
   usually wont stop until they are arrested.    
      
    Via BleepingComputer   
      
   ======================================================================   
   Link to news story:   
   https://www.techradar.com/pro/security/top-ransomware-group-blacksuit-has-dark   
   -web-extortion-sites-seized-and-shut-down   
      
   $$   
   --- SBBSecho 3.28-Linux   
    * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)   
   SEEN-BY: 105/81 106/201 128/187 129/14 305 153/7715 154/110 218/700   
   SEEN-BY: 226/30 227/114 229/110 111 206 300 307 317 400 426 428 664   
   SEEN-BY: 229/700 705 266/512 291/111 320/219 322/757 342/200 396/45   
   SEEN-BY: 460/58 712/848 902/26 2320/0 105 304 3634/12 5075/35   
   PATH: 2320/105 229/426