Law enforcement seized the Tor-based leak site of the BlackSuit ransomware group, disrupting its extortion activities. BlackSuit, a rebranded Royal ransomware operation, targeted many industries and demanded hundreds of millions in ransoms; it may now be linked to the Chaos ransomware group. #BlackSuit #RoyalRansomware #ChaosRansomware #OperationCheckmate
Keypoints
- BlackSuit was a private ransomware group that rebranded from Royal ransomware in 2023.
- The group targeted multiple industries, stealing data before encrypting systems across Windows and Linux.
- As of July 2025, about 200 victims were listed on BlackSuit’s leak site, with ransom demands reaching over $500 million.
- The group primarily targeted large enterprises and SMBs, encrypting both local and network resources rapidly.
- Law enforcement and international agencies seized BlackSuit’s leak site, and Chaos ransomware is believed to be linked to its rebranding efforts.