Gardaí Help Take Down Major International Ransomware Gang

Irish cyber crime detectives have played a key role in dismantling the Blacksuit Ransomware Group's criminal infrastructure, in a major international operation that seized the gang's dark web sites used to extort victims worldwide.

The Garda National Cyber Crime Bureau joined forces with US Immigration and Customs Enforcement (ICE) Homeland Security Investigations and law enforcement agencies from seven countries to deliver a significant blow to the organised crime group. The operation successfully seized and took down the gang's critical infrastructure, including their dark web leaks page where they publicly shamed victims who refused to pay ransoms, and their victim negotiation site used to communicate ransom demands.

The Blacksuit ransomware group, which emerged in May 2023, represents the latest evolution of a notorious cyber criminal enterprise. The gang arose from a rebranding of the Royal Ransomware Group, which itself originated from the infamous Conti Ransomware Group: a criminal network responsible for devastating ransomware attacks internationally.

The operation brought together an impressive coalition of international law enforcement, including the US Department of Homeland Security, US Secret Service, FBI, Dutch National Police, German State Criminal Police Office, UK National Crime Agency, Frankfurt General Prosecutor's Office, Ukrainian Cyber Police, and Europol, with assistance from private sector partners.

For Irish businesses and citizens who have increasingly found themselves in the crosshairs of ransomware attacks, the operation represents a significant victory. The seizure of these criminal platforms means the gang has lost its primary means of pressuring victims into paying ransoms and conducting negotiations.

Assistant Commissioner for Organised and Serious Crime:

"An Garda Síochána will continue to work with our international law enforcement colleagues and private partners to identify, target and disrupt organised crime groups using the infrastructure to carry out ransomware and other forms of cybercrime. Our work to date involving close collaboration with international partners, including this seizure and takedown of key online operational infrastructure will continue as part of our ongoing effort to keep people safe both on and offline."

The dark web leaks page functioned as a digital pillory where the ransomware group would publish names and data of victims who refused to pay or engage with them: a tactic designed to maximise pressure through public embarrassment and potential regulatory consequences. The victim negotiation site, meanwhile, served as the primary communication channel between the criminals and their victims, typically accessible only to those who had been targeted.

Visitors to the seized domains now encounter a "splashscreen" message from law enforcement, signalling that authorities have taken control of the criminal infrastructure.

The operation demonstrates the growing sophistication and coordination of international cyber crime enforcement efforts, with Irish detectives playing an increasingly important role in global operations against ransomware groups that threaten businesses and public services worldwide.