Issue Date: 08/08/2025
As part of an ongoing joint operation conducted by international law enforcement, including the Garda National Cyber Crime Bureau, the United States Immigration and Customs Enforcement (ICE) Homeland Security Investigations led a major disruption operation resulting in the seizure and takedown of key operational infrastructure, including the dark web leaks page and the victim negotiation site, as well as domains attributed to the Blacksuit Ransomware Group.
Other law enforcement agencies involved in this operation included the United States Department of Homeland Security (DHS), U.S. Secret Service, US FBI, the Dutch National Police, the German State Criminal Police Office, the U.K. National Crime Agency, the Frankfurt General Prosecutor's Office, the Ukrainian Cyber Police, and Europol, assisted by private partners.
The Blacksuit ransomware group are an organised crime group responsible for the commission of ransomware and other serious cyber criminality internationally. The Blacksuit ransomware group emerged in May 2023, as a result of the rebranding of the Royal Ransomware Group; itself originating from the Conti Ransomware Group, responsible for a number of serious ransomware attacks internationally.
Commenting today on the operation, Assistant Commissioner for Organised and Serious Crime said;
‘An Garda Síochána will continue to work with our international law enforcement colleagues and private partners to identify, target and disrupt organised crime groups using the infrastructure to carry out ransomware and other forms of cybercrime. Our work to date involving close collaboration with international partners, including this seizure and takedown of key online operational infrastructure will continue as part of our ongoing effort to keep people safe both on an offline’.
