The U.S. Department of Justice said on Monday that it has dismantled part of the infrastructure used by the Russian gang behind the BlackSuit and Royal ransomware strains, seizing four servers, nine domains and roughly $1 million in bitcoin. The operation, carried out on 24 July and made public on 11 August, was led by Homeland Security Investigations with support from authorities in Canada, Germany, Ireland, France, the United Kingdom and other countries. According to court papers and a parallel update from the Department of Homeland Security’s investigative unit, the gang has compromised more than 450 victims in the United States, hitting hospitals, schools, public-safety agencies, energy companies and local governments. U.S. officials estimate the criminal enterprise has extracted more than $370 million in ransom payments since 2022, with individual demands reaching as high as $60 million. Officials portrayed the seizure as a significant disruption but warned that affiliated actors may attempt to rebuild their infrastructure. Law-enforcement agencies urged organisations that encounter BlackSuit or Royal ransomware to preserve evidence and report incidents, emphasising that the investigation remains active and that further enforcement actions are possible.
BlackSuit Ransomware Takes an Infrastructure Hit From Law Enforcement: https://t.co/oGqoYrXTs2 by darkreading #infosec #cybersecurity #technology #news
Study warns of security risks as 'OS agents' gain control of computers and phones https://t.co/vuZl6GHhYy
Time To Update: WinRAR 7.13 Update Fixes Critical Windows Security Vulnerability https://t.co/XHxc7toweX https://t.co/czBBEb7wgg