The United States Department of Justice said Monday it has dismantled part of a prolific Russian cybercrime operation, seizing four servers, nine domains, and $1 million in bitcoin linked to the ransomware strains BlackSuit and Royal.

The takedown, carried out on July 24, was the result of a joint operation involving law enforcement agencies from the U.S., Canada, Germany, Ireland, France, the U.K., and other countries. The cryptocurrency was recovered from a digital exchange account whose assets had been frozen in January 2024.

BlackSuit and Royal, believed to be developed by the same Russian gang, have targeted critical infrastructure in the U.S. and abroad. According to the Cybersecurity and Infrastructure Security Agency, the group has demanded more than $500 million in ransom, including a single demand of $60 million.

“The BlackSuit ransomware gang’s persistent targeting of U.S. critical infrastructure represents a serious threat to U.S. public safety,” said Assistant Attorney General for National Security John A. Eisenberg.

Homeland Security Investigations said the two ransomware strains have compromised over 450 U.S. victims — including organizations in healthcare, education, public safety, energy, and government — and have collected more than \$370 million in ransom payments since 2022.