Details emerge on BlackSuit ransomware takedown | CyberScoop<\/title> <meta name=\"description\" content=\"The Russian cybercrime group attacked more than 180 organizations before members abandoned the brand and dispersed to new ransomware groups earlier this year.\"> <link rel=\"canonical\" href=\"https:\/\/cyberscoop.com\/blacksuit-ransomware-takedown\/\"> <meta property=\"og:locale\" content=\"en_US\"> <meta property=\"og:type\" content=\"article\"> <meta property=\"og:title\" content=\"Details emerge on BlackSuit ransomware takedown\"> <meta property=\"og:description\" content=\"The Russian cybercrime group attacked more than 180 organizations before members abandoned the brand and dispersed to new ransomware groups earlier this year.\"> <meta property=\"og:url\" content=\"https:\/\/cyberscoop.com\/blacksuit-ransomware-takedown\/\"> <meta property=\"og:site_name\" content=\"CyberScoop\"> <meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/cyberscoop\/\"> <meta property=\"article:published_time\" content=\"2025-08-04T17:26:57+00:00\"> <meta property=\"article:modified_time\" content=\"2025-08-04T17:27:00+00:00\"> <meta property=\"og:image\" content=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2025\/08\/BlackSuit-seizure-e1754328399891.jpg\"> <meta property=\"og:image:width\" content=\"2000\"> <meta property=\"og:image:height\" content=\"1250\"> <meta property=\"og:image:type\" content=\"image\/jpeg\"> <meta name=\"author\" content=\"Matt Kapko\"> <meta name=\"twitter:card\" content=\"summary_large_image\"> <meta name=\"twitter:creator\" content=\"@CyberScoopNews\"> <meta name=\"twitter:site\" content=\"@CyberScoopNews\">  <link rel=\"dns-prefetch\" href=\"\/\/securepubads.g.doubleclick.net\">\n<link rel=\"dns-prefetch\" href=\"\/\/use.typekit.net\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Feed\" href=\"https:\/\/cyberscoop.com\/feed\/\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Comments Feed\" href=\"https:\/\/cyberscoop.com\/comments\/feed\/\"> <link rel=\"stylesheet\" id=\"all-css-2\" href=\"https:\/\/cyberscoop.com\/wp-includes\/css\/dist\/block-library\/style.min.css?m=1752617955g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-6\" href=\"https:\/\/cyberscoop.com\/wp-content\/mu-plugins\/search\/elasticpress\/dist\/css\/related-posts-block-styles.min.css?m=1750115417g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-8\" href=\"https:\/\/cyberscoop.com\/wp-content\/themes\/scoopnewsgroup\/dist\/css\/frontend.css?m=1753281318g\" type=\"text\/css\" media=\"all\">\n<link rel=\"stylesheet\" id=\"typekit-css\" href=\"https:\/\/use.typekit.net\/itk2qbh.css?ver=13897d660a0ac2c9c7d1\" media=\"all\"> <link rel=\"https:\/\/api.w.org\/\" href=\"https:\/\/cyberscoop.com\/wp-json\/\"><link rel=\"alternate\" title=\"JSON\" type=\"application\/json\" href=\"https:\/\/cyberscoop.com\/wp-json\/wp\/v2\/posts\/85439\"><link rel=\"EditURI\" type=\"application\/rsd+xml\" title=\"RSD\" href=\"https:\/\/cyberscoop.com\/xmlrpc.php?rsd\">\n<meta name=\"generator\" content=\"WordPress 6.8.2\">\n<link rel=\"shortlink\" href=\"https:\/\/cyberscoop.com\/?p=85439\">\n<link rel=\"alternate\" title=\"oEmbed (JSON)\" type=\"application\/json+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fblacksuit-ransomware-takedown%2F\">\n<link rel=\"alternate\" title=\"oEmbed (XML)\" type=\"text\/xml+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fblacksuit-ransomware-takedown%2F&format=xml\">   <link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=32\" sizes=\"32x32\">\n<link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=192\" sizes=\"192x192\">\n<link rel=\"apple-touch-icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=180\">\n<meta name=\"msapplication-TileImage\" content=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=270\"> <\/head><body class=\"wp-singular post-template-default single single-post postid-85439 single-format-standard wp-theme-scoopnewsgroup wp-child-theme-cyberscoop\" id=\"readabilityBody\"> <a href=\"https:\/\/cyberscoop.com\/blacksuit-ransomware-takedown\/#main\" class=\"skip-to-content-link visually-hidden-focusable\">Skip to main content<\/a> <\/p>\n<div class=\"ad ad--top ad--top-desktop\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p> <main id=\"main\" role=\"main\" tabindex=\"-1\"> <\/p>\n<div class=\"ad ad--top ad--top-mobile\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<section id=\"stickybar\" class=\"stickybar stickybar--newsletter js-stickybar\" readability=\"0.82\"> <button class=\"stickybar__close js-stickybar-close\" aria-controls=\"stickybar\"> <svg class=\"icon icon--close\" width=\"21\" height=\"22\" viewBox=\"0 0 21 22\" fill=\"none\"><path d=\"m.822.518-.805.805L9.695 11 .017 20.678l.805.805 9.678-9.678 9.677 9.678.806-.805L11.305 11l9.678-9.677-.806-.805-9.677 9.677L.822.518Z\" fill=\"currentColor\" \/><\/svg> <span class=\"visually-hidden\">Close<\/span> <\/button> <\/section>\n<article class=\"single-article content\">\n<div class=\"single-article__container js-single-article-content\">\n<header class=\"single-article__header \" readability=\"25.458742632613\">\n<div class=\"single-article__header-content\" readability=\"34.2\">\n<ul class=\"single-article__eyebrow\">\n<li class=\"single-article__category\"> <a class=\"single-article__category-link\" href=\"https:\/\/cyberscoop.com\/blacksuit-ransomware-takedown\/\"> <span>Ransomware<\/span> <\/a> <\/li>\n<\/ul>\n<p> The Russian cybercrime group attacked more than 180 organizations before members abandoned the brand and dispersed to new ransomware groups earlier this year. <\/p>\n<p>  <br \/>\n<audio id=\"audio-player\" src=\"https:\/\/wp-tts-cdn.api.scpnewsgrp.com\/cyberscoop\/85439\/english.openai.mp3\"><\/audio> <\/p>\n<div readability=\"11\">\n<div>\n<p>Listen to this article<\/p>\n<p>  <\/p>\n<p>0:00<\/p>\n<\/p><\/div>\n<p>  <\/p>\n<p> <span id=\"tts-tooltip\">Learn more.<\/span> <span> This feature uses an automated voice, which may result in occasional errors in pronunciation, tone, or sentiment. <\/span> <\/p>\n<\/div>\n<p>  <\/div>\n<div class=\"single-article__cover-wrap\">\n<figure class=\"single-article__cover\"> <img data-recalc-dims=\"1\" fetchpriority=\"high\" width=\"640\" height=\"400\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2025\/08\/details-emerge-on-blacksuit-ransomware-takedown.jpg?resize=640%2C400&ssl=1\" class=\"single-article__cover-image wp-post-image\" alt=\"BlackSuit site seizure notice\" decoding=\"async\" fetchpriority=\"high\"><figcaption> Seizure notice displayed on BlackSuit’s extortion site. (State Criminal Police Office Lower Saxony, Germany) <\/figcaption><\/figure>\n<\/p><\/div>\n<\/header>\n<div class=\"single-article__content\">\n<div class=\"single-article__content-inner has-drop-cap\"> <html readability=\"59.1893730763\"><body readability=\"126.48557512177\"><\/p>\n<p>BlackSuit\u2019s technical infrastructure was seized in a globally coordinated takedown operation last month that authorities touted as a significant blow in the fight against cybercrime. The ransomware group\u2019s leak site has displayed a seizure notice since July 24.<\/p>\n<p>The takedown followed a long investigation, which allowed authorities to confiscate \u201cconsiderable amounts of data,\u201d and identify 184 victims, German officials said in a <a href=\"https:\/\/www.presseportal.de\/blaulicht\/pm\/105578\/6085950\">news release<\/a> last week. The group\u2019s <a href=\"https:\/\/www.cisa.gov\/news-events\/cybersecurity-advisories\/aa23-061a\">total extortion demands surpassed $500 million<\/a> by August 2024, with demands typically in the range of $1 million to $10 million, the Cybersecurity and Infrastructure Security Agency said in an advisory last year. <\/p>\n<p>U.S. authorities were heavily involved in the operation, but have yet to share details about the investigation or its results. BlackSuit\u2019s extortion site was seized by the Department of Homeland Security\u2019s Homeland Security Investigation department, a unit of U.S. Immigration and Customs Enforcement. <\/p>\n<p>A spokesperson for ICE told CyberScoop the Justice Department has been waiting for court documents to be unsealed before releasing any information about the law enforcement action dubbed \u201cOperation Checkmate.\u201d The FBI, Secret Service, Europol and cyber authorities from the United Kingdom, Germany, France, Ireland, Ukraine, Lithuania and Romania-based cybersecurity firm Bitdefender were also involved in the operation. <\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>German officials said the takedown prevented the spread of malware and disrupted BlackSuit\u2019s servers and communication. BlackSuit\u2019s data leak site contained more than 150 entries before the takedown, Bitdefender said in a <a href=\"https:\/\/www.bitdefender.com\/en-us\/blog\/businessinsights\/blacksuit-ransomware-seized-takedown\">blog post<\/a>. <\/p>\n<p>The majority of BlackSuit\u2019s victims were based in the U.S. and the industries most impacted by the ransomware group\u2019s attacks included manufacturing, education, health care and construction, according to Bitdefender. The company did not respond to a request for comment.<\/p>\n<p>While BlackSuit once commanded outsized attention for its consistent spree of attacks, researchers said the ransomware group\u2019s activities significantly decreased starting in December and remained low until its infrastructure was disrupted last month.<\/p>\n<p>BlackSuit associates were already dispersed prior to the global law enforcement action on the group\u2019s operations. <\/p>\n<p>The impact from the takedown will be limited because members already abandoned the BlackSuit brand early this year, Yelisey Boguslavskiy, co-founder and partner at RedSense, told CyberScoop. <\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>BlackSuit\u2019s reputation plummeted as victims learned of the group\u2019s Russian cybercrime lineage and declined to pay extortion demands out of fear that any financial support would evade sanctions imposed by the Treasury Department\u2019s Office of Foreign Assets Control, he said.<\/p>\n<p>As part of that pivot, former BlackSuit members have primarily used INC ransomware and its associated infrastructure this year. <\/p>\n<p>\u201cIt\u2019s not that they were concisely preparing for the takedown. Instead, they just felt brand fatigue,\u201d Boguslavskiy said. \u201cThey are very prone to rebranding often. It was two years without a rebrand, so the one was coming, and in the meantime, they were using INC as a newer name without baggage.\u201d<\/p>\n<p>BlackSuit emerged from the Conti ransomware group after a <a href=\"https:\/\/cyberscoop.com\/ransomware-gang-conti-bounced-back\/\">major leak of Conti\u2019s internal messages<\/a> led to a break up in 2022. Members of the Russian-language ransomware collective rebranded under three subgroups: Zeon, <a href=\"https:\/\/cyberscoop.com\/black-basta-internal-chat-leak\/\">Black Basta<\/a> and Quantum, which quickly rebranded to Royal before <a href=\"https:\/\/www.cisa.gov\/news-events\/cybersecurity-advisories\/aa23-061a\">rebranding again to BlackSuit in 2024<\/a>.<\/p>\n<p>The empowerment of INC is the \u201cmost important development in the Russian-speaking ransomware landscape, and the fact that now BlackSuit will double down on using their infrastructure is very concerning,\u201d Boguslavskiy said. <\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>The ransomware syndicate is composed of about 40 people, led by \u201cStern,\u201d who has established a massive system of alliances, forming a decentralized collective with links to other ransomware groups, including <a href=\"https:\/\/www.cisa.gov\/news-events\/cybersecurity-advisories\/aa24-109a\">Akira<\/a>, <a href=\"https:\/\/cyberscoop.com\/tag\/alphv\/\">ALPHV<\/a>, <a href=\"https:\/\/cyberscoop.com\/revil-ransomware-sentence-russia-time-served\/\">REvil<\/a>, <a href=\"https:\/\/cyberscoop.com\/fbi-europol-hive-ransomware-group\/\">Hive<\/a> and <a href=\"https:\/\/cyberscoop.com\/tag\/lockbit\/\">LockBit<\/a>, according to Boguslaviskiy. <\/p>\n<p>INC is currently the second largest Russian-speaking ransomware collective behind DragonForce, he said. <\/p>\n<p>BlackSuit was prolific, claiming more than 180 victims on its dedicated leak site dating back to May 2023, according to researchers at Sophos Counter Threat Unit. <\/p>\n<p>The ransomware group\u2019s main members have demonstrated their ability to rebrand and relaunch operations with ease. \u201cIt is likely that this latest takedown will have minimal impact on the ability of the individuals behind it to reorganize under a new banner,\u201d Sophos CTU said in a research note.<\/p>\n<p>Former members of BlackSuit emerged under a new ransomware group, Chaos, as early as February, Cisco Talos Incident Response researchers said in a <a href=\"https:\/\/blog.talosintelligence.com\/new-chaos-ransomware\/\">blog post<\/a> released the same day BlackSuit\u2019s technical infrastructure was seized. Chaos targets appear to be opportunistic and victims are primarily based in the U.S., according to Talos.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>The FBI seized cryptocurrency allegedly controlled by a member of the Chaos ransomware group in April, the Justice Department said in a civil complaint seeking the forfeiture of the cryptocurrency last month. Officials said the seized cryptocurrency was <a href=\"https:\/\/www.justice.gov\/usao-ndtx\/pr\/united-states-files-civil-complaint-northern-district-texas-seeking-forfeiture-over-17\">valued at more than $1.7 million<\/a> when it was seized in mid-April.<\/p>\n<p><\/body> <\/p>\n<footer class=\"single-article__footer\" readability=\"2.2661870503597\">\n<div class=\"author-card\" readability=\"14\">\n<div class=\"author-card__avatar\">\n<figure class=\"author-card__image-wrap\"> <img data-recalc-dims=\"1\" decoding=\"async\" class=\"author-card__image\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2025\/08\/details-emerge-on-blacksuit-ransomware-takedown-1.jpg?w=640&ssl=1\" alt=\"Matt Kapko\"> <\/figure>\n<\/p><\/div>\n<p><h4 class=\"author-card__name\">Written by Matt Kapko<\/h4>\n<p> Matt Kapko is a reporter at CyberScoop. His beat includes cybercrime, ransomware, software defects and vulnerability (mis)management. The lifelong Californian started his journalism career in 2001 with previous stops at Cybersecurity Dive, CIO, SDxCentral and RCR Wireless News. Matt has a degree in journalism and history from Humboldt State University. <\/p>\n<\/p><\/div>\n<div class=\"single-article__tags-container\">\n<h4 class=\"single-article__tags-title\">In This Story<\/h4>\n<\/p><\/div>\n<\/footer>\n<p> <\/html><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"single-article__ads js-single-article-sidebar\">\n<div class=\"ad ad--sidebar js-single-article-sidebar-5 ad--rightrail_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-4 ad--rightrail_2 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-3 ad--rightrail_3 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div><\/div>\n<\/article>\n<section class=\"latest-podcasts\">\n<h2 class=\"latest-podcasts__title\"> Latest Podcasts\t<\/h2>\n<\/section>\n<div class=\"top-categories\">\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Government<\/h3>\n<\/p><\/div>\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Technology<\/h3>\n<\/p><\/div>\n<\/p><\/div>\n<p> <\/main> <\/p>\n<div class=\"ad ad--bottom \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div id=\"interstitial\" class=\"welcome__container\"> <button id=\"close-modal-1\" class=\"welcome__clickable_area\"><\/button> <\/p>\n<div class=\"welcome__ad_wrapper\">\n<p> <button id=\"close-modal-3\" class=\"welcome__continue-button\">Continue to CyberScoop<\/button> <\/p>\n<\/p><\/div>\n<\/p><\/div>\n<p>   <\/body> <a href=\"https:\/\/cyberscoop.com\/blacksuit-ransomware-takedown\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Details emerge on BlackSuit ransomware takedown | CyberScoop Skip to<\/p>\n","protected":false},"author":11,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[3677,950,4725,72,2321,724,912,282,78,452,293,338,4726,669,2161,1733,1184,3678,4073,2834,462,3223,46,4727,256,1452,4728,270,2927,288,509,354,971],"tags":[3680,955,4729,73,2324,727,914,286,86,454,299,341,4730,671,2164,1735,1186,3681,4081,2837,463,3225,54,4731,262,1454,4732,276,2928,294,511,358,973],"class_list":["post-7861","post","type-post","status-publish","format-standard","hentry","category-akira","category-alphv","category-bitdefender","category-black-basta","category-blacksuit","category-cisco-talos","category-conti","category-cybercrime","category-cybersecurity","category-cybersecurity-and-infrastructure-security-agency-cisa","category-department-of-homeland-security-dhs","category-department-of-justice-doj","category-dragonforce","category-federal-bureau-of-investigation-fbi","category-france","category-germany","category-hive-ransomware","category-inc","category-ireland","category-lithuania","category-lockbit","category-office-of-foreign-assets-control-ofac","category-ransomware","category-redsense","category-research","category-revil","category-royal","category-russia","category-sophos","category-threats","category-treasury-department","category-ukraine","category-united-kingdom-u-k","tag-akira","tag-alphv","tag-bitdefender","tag-black-basta","tag-blacksuit","tag-cisco-talos","tag-conti","tag-cybercrime","tag-cybersecurity","tag-cybersecurity-and-infrastructure-security-agency-cisa","tag-department-of-homeland-security-dhs","tag-department-of-justice-doj","tag-dragonforce","tag-federal-bureau-of-investigation-fbi","tag-france","tag-germany","tag-hive-ransomware","tag-inc","tag-ireland","tag-lithuania","tag-lockbit","tag-office-of-foreign-assets-control-ofac","tag-ransomware","tag-redsense","tag-research","tag-revil","tag-royal","tag-russia","tag-sophos","tag-threats","tag-treasury-department","tag-ukraine","tag-united-kingdom-u-k"],"featured_image_urls":{"full":"","thumbnail":"","medium":"","medium_large":"","large":"","1536x1536":"","2048x2048":"","chromenews-featured":"","chromenews-large":"","chromenews-medium":""},"author_info":{"display_name":"Cyber Scoop","author_link":"https:\/\/ddi.mohflo.net\/index.php\/author\/cyberscoop\/"},"category_info":"<a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/akira\/\" rel=\"category tag\">Akira<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/alphv\/\" rel=\"category tag\">ALPHV<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/bitdefender\/\" rel=\"category tag\">Bitdefender<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/black-basta\/\" rel=\"category tag\">Black Basta<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/blacksuit\/\" rel=\"category tag\">BlackSuit<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cisco-talos\/\" rel=\"category tag\">Cisco Talos<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/conti\/\" rel=\"category tag\">Conti<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cybercrime\/\" rel=\"category tag\">cybercrime<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cybersecurity\/\" rel=\"category tag\">Cybersecurity<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cybersecurity-and-infrastructure-security-agency-cisa\/\" rel=\"category tag\">Cybersecurity and Infrastructure Security Agency (CISA)<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/department-of-homeland-security-dhs\/\" rel=\"category tag\">Department of Homeland Security (DHS)<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/department-of-justice-doj\/\" rel=\"category tag\">Department of Justice (DOJ)<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/dragonforce\/\" rel=\"category tag\">DragonForce<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/federal-bureau-of-investigation-fbi\/\" rel=\"category tag\">Federal Bureau of Investigation (FBI)<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/france\/\" rel=\"category tag\">France<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/germany\/\" rel=\"category tag\">germany<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/hive-ransomware\/\" rel=\"category tag\">Hive ransomware<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/inc\/\" rel=\"category tag\">INC<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/ireland\/\" rel=\"category tag\">Ireland<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/lithuania\/\" rel=\"category tag\">Lithuania<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/lockbit\/\" rel=\"category tag\">LockBit<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/office-of-foreign-assets-control-ofac\/\" rel=\"category tag\">Office of Foreign Assets Control (OFAC)<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/ransomware\/\" rel=\"category tag\">ransomware<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/redsense\/\" rel=\"category tag\">RedSense<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/research\/\" rel=\"category tag\">Research<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/revil\/\" rel=\"category tag\">REvil<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/royal\/\" rel=\"category tag\">Royal<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/russia\/\" rel=\"category tag\">Russia<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/sophos\/\" rel=\"category tag\">Sophos<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/threats\/\" rel=\"category tag\">Threats<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/treasury-department\/\" rel=\"category tag\">Treasury Department<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/ukraine\/\" rel=\"category tag\">Ukraine<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/united-kingdom-u-k\/\" rel=\"category tag\">United Kingdom (U.K.)<\/a>","tag_info":"United Kingdom (U.K.)","comment_count":"0","jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/7861","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/users\/11"}],"replies":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/comments?post=7861"}],"version-history":[{"count":0,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/7861\/revisions"}],"wp:attachment":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media?parent=7861"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/categories?post=7861"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/tags?post=7861"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}

{"id":7861,"date":"2025-08-04T12:26:57","date_gmt":"2025-08-04T17:26:57","guid":{"rendered":"https:\/\/cyberscoop.com\/?p=85439"},"modified":"2025-08-04T12:26:57","modified_gmt":"2025-08-04T17:26:57","slug":"details-emerge-on-blacksuit-ransomware-takedown","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2025\/08\/04\/details-emerge-on-blacksuit-ransomware-takedown\/","title":{"rendered":"Details emerge on BlackSuit ransomware takedown"},"content":{"rendered":"