"The seized funds were traced to a cryptocurrency address allegedly associated with a member of the Chaos ransomware group, known as 'Hors,' who has been tied to ransomware attacks against victims here in the Northern District of Texas and elsewhere," reads the FBI's announcement. FBI Dallas has seized approximately 20 Bitcoins from a cryptocurrency address belonging to a Chaos ransomware member that is linked to cyberattacks and extortion payments from Texas companies. The cryptocurrency was seized from the relatively new Chaos ransomware operation that is believed to be a rebrand of the BlackSuit ransomware group. As the BlackSuit ransomware operation had its dark web extortion sites seized by law enforcement last week, it's possible that the law enforcement investigation uncovered this cryptocurrency wallet as part of the operation. In June 2023, after feeling pressure from law enforcement for the attack on the City of Dallas, Texas, the Royal ransomware operation began testing a new BlackSuit encryptor, eventually rebranding as BlackSuit. The new Chaos ransomware operation stems from the notorious Conti ransomware gang, which suffered a data breach and shut down in June 2022. In January 2023, the Royal (Quantum) ransomware gang was launched, which was believed to be the direct successor to the notorious Conti operation. Civil forfeiture allows the government to file a complaint directly against the property, seeking to take permanent ownership of assets believed to be connected to criminal activity, in this case, ransomware. Although the name is the same as a low-tier ransomware variant whose builder has been used by cybercriminals since mid-2021, the new Chaos gang has no links to this older variant.
This Cyber News was published on www.bleepingcomputer.com. Publication date: Tue, 29 Jul 2025 13:55:29 +0000