<div id="post_message_806042">
<img alt="" border="0" class="bbCodeImage" src="https://www.bleepstatic.com/content/hl-images/2022/12/16/FBI__headpic.jpg"/><br/> <br/> FBI Dallas has seized approximately 20 Bitcoins from a cryptocurrency address belonging to a Chaos ransomware member that is linked to cyberattacks and extortion payments from Texas companies.<br/> <br/> The crypto was seized on April 15, 2025, and was traced to an affiliate named "Hors," who is suspected of launching the attacks against the companies.<br/> <br/> "The seized funds were traced to a cryptocurrency address allegedly associated with a member of the Chaos ransomware group, known as 'Hors,' who has been tied to ransomware attacks against victims here in the Northern District of Texas and elsewhere," <a href="https://x.com/FBIDallas/status/1949851086795288670" target="_blank">reads the FBI's announcement</a>.<br/> <br/> "As the result of the actions, 20.2891382 BTC was seized (now valued at over $2.3 million) from cryptocurrency address bc1q5d8af0crjhlnepjq08muhh55899rf2ktye3sxd on April 15, 2025."<br/> <br/> <img alt="" border="0" class="bbCodeImage" src="https://www.bleepstatic.com/images/news/u/1220909/2025/July/fbi.png"/><br/> <br/> The U.S. 
Department of Justice announced that, on July 24, 2025, it filed a civil complaint seeking the <a href="https://www.justice.gov/usao-ndtx/pr/united-states-files-civil-complaint-northern-district-texas-seeking-forfeiture-over-17" target="_blank">forfeiture of the amount the FBI seized</a>, which is now valued at over $2,400,000.<br/> <br/> Civil forfeiture allows the government to file a complaint directly against the property, seeking to take permanent ownership of assets believed to be connected to criminal activity, in this case, ransomware.<br/> <br/> <b><font size="4"><font color="White">Chaos ransomware revival</font></font></b><br/> <br/> The cryptocurrency was seized from the relatively new <a href="http://blog.talosintelligence.com/new-chaos-ransomware/" target="_blank">Chaos ransomware operation</a> that is believed to be a rebrand of the BlackSuit ransomware group.<br/> <br/> Although the name is the same as a low-tier ransomware variant whose builder has been used by cybercriminals since mid-2021, the new Chaos gang has no links to this older variant.<br/> <br/> The new Chaos ransomware operation stems from the notorious Conti ransomware gang, which <a href="https://www.bleepingcomputer.com/news/security/conti-ransomwares-internal-chats-leaked-after-siding-with-russia/" target="_blank">suffered a data breach</a> and <a href="https://www.bleepingcomputer.com/news/security/conti-ransomware-finally-shuts-down-data-leak-negotiation-sites/" target="_blank">shut down in June 2022</a>. 
Its members then splintered into numerous other ransomware gangs.<br/> <br/> In January 2023, the Royal <a href="https://www.bleepingcomputer.com/news/security/new-royal-ransomware-emerges-in-multi-million-dollar-attacks/" target="_blank">(Quantum) ransomware gang was launched</a>, which was believed to be the direct successor to the notorious Conti operation.<br/> <br/> In June 2023, after feeling pressure from law enforcement for the attack on <a href="https://www.bleepingcomputer.com/news/security/city-of-dallas-hit-by-royal-ransomware-attack-impacting-it-services/" target="_blank">the City of Dallas, Texas</a>, the Royal ransomware operation began <a href="https://www.bleepingcomputer.com/news/security/royal-ransomware-gang-adds-blacksuit-encryptor-to-their-arsenal/" target="_blank">testing a new BlackSuit encryptor</a>, eventually rebranding as BlackSuit.<br/> <br/> Cisco Talos researchers believe the new Chaos ransomware is a rebrand of BlackSuit based on similarities in the encryption, ransom note structure, and the toolset used in the attacks.<br/> <br/> While the U.S. DOJ and FBI have not explicitly distinguished which Chaos group 'Hors' belonged to, BleepingComputer confirmed that the Bitcoin seizure is linked to the new Chaos operation.<br/> <br/> As the BlackSuit ransomware operation had its dark web extortion sites <a href="https://www.bleepingcomputer.com/news/security/law-enforcement-seizes-blacksuit-ransomware-leak-sites/" target="_blank">seized by law enforcement last week</a>, it's possible that the law enforcement investigation uncovered this cryptocurrency wallet as part of the operation.<br/> <br/> <a href="https://www.bleepingcomputer.com/news/security/fbi-seizes-24m-in-bitcoin-from-new-chaos-ransomware-operation" target="_blank">@ BleepingComputer </a> </div>