US seizes servers and $1 million in bitcoins from Russian hackers
The US Department of Justice has announced the seizure of servers and about $1 million in bitcoins from a Russian hacking group involved in the distribution of BlackSuit and Royal ransomware, TechCrunch reports.
BlackSuit and Royal are ransomware families of Russian origin that are used to encrypt victims' data for the purpose of extorting ransom. Both types of attacks aim to make information inaccessible without a special decryption key, which the attackers promise to provide after payment.
The operation was conducted on July 24, 2025, in collaboration with law enforcement agencies from Canada, Germany, Ireland, France, the United Kingdom, and other countries. As a result, 4 servers and 9 domains used for attacks were seized. According to the US Immigration and Customs Enforcement, the attackers have compromised more than 450 organizations in the United States since 2022, including in the healthcare, education, energy, government, and public safety sectors.
According to the US Cybersecurity and Infrastructure Security Agency, the total amount of demands from the BlackSuit group exceeded $500 million, and the largest single ransom request was $60 million. As of 2025, cybercriminals had received over $370 million in ransom.
The confiscated funds were found in a digital exchange account that had been frozen since January 2024. Representatives of the Department of Justice emphasized that the group's activities posed a serious threat to US critical infrastructure and the safety of citizens.