TL;DR:
- German prosecutors, alongside U.S. and European agencies, seized servers belonging to the notorious BlackSuit ransomware gang.
- The takedown occurred on July 24 and resulted in disabling the gang’s ransomware infrastructure.
- BlackSuit had over 180 victims worldwide, including U.S. cities and industries such as healthcare and manufacturing.
- The gang’s dark web leak site now displays a seizure notice following the coordinated law enforcement action.
- Former BlackSuit members are believed to have formed a new ransomware group called Chaos.
Joint U.S.-European Crackdown on BlackSuit Gang
German prosecutors announced a joint operation with U.S. authorities and Europol to take down the infrastructure used by the BlackSuit ransomware gang. The operation, carried out on July 24, involved seizing the gang’s servers and systems, effectively disabling their ransomware campaigns.
The operation was conducted with assistance from the U.S. Immigration and Customs Enforcement (ICE) Homeland Security Investigations unit and Europol. According to official statements, the seized data will be instrumental in identifying and prosecuting the criminals behind these cyberattacks.
Impact on BlackSuit’s Operations and Victims
BlackSuit ransomware has been linked to numerous high-profile attacks, including against U.S. cities like Dallas, and organizations across the manufacturing, communications, and healthcare sectors. CISA issued warnings in 2024 regarding the gang’s rebranding from Royal to BlackSuit — a common tactic among ransomware groups to avoid sanctions and detection.
The gang’s leak site, once hosted on the dark web to publish stolen files and pressure victims for ransom, now shows a seizure notice confirming the law enforcement takedown.
Emergence of Chaos Ransomware Group
Security researchers have identified a new ransomware operation called Chaos, which appears to be composed of former BlackSuit members. This underscores the ongoing evolution and fragmentation within ransomware communities to evade law enforcement efforts.
For more details on ransomware group evolutions, see Cybersecurity & Infrastructure Security Agency’s advisory.
The Broader Fight Against Ransomware
This takedown highlights the growing international cooperation to combat ransomware threats. Agencies like Europol, ICE, and CISA continue to work together to disrupt criminal infrastructure, protect critical industries, and bring perpetrators to justice.
The Data
| Key Fact | Details | Source |
| Operation Date | July 24, 2025 | German Prosecutors |
| Number of Victims | 184 globally, including several in Germany | Europol |
| Agencies Involved | ICE HSI, Europol, German prosecutors | ICE Homeland Security |
| New Group Formed | Chaos ransomware gang from former BlackSuit members | CISA Advisory |
