Ukraine has joined a large-scale international special operation called “Checkmate,” which disrupted the activities of the BlackSuit cybercrime group. This group was engaged in ransomware attacks, causing damage to organizations around the world.
According to the National Police of Ukraine, BlackSuit members created viruses that encrypted victims' computer systems. After that, the attackers demanded a ransom in cryptocurrency — not only for restoring access to data, but also for not disseminating confidential information. The total amount of the group's demands exceeded $500 million, and in some cases reached $60 million.
Operation Checkmate was the result of cooperation between many international structures: the US Homeland Security Service, the Dutch National Police, the German Criminal Police Office, the UK National Crime Agency, the Frankfurt Prosecutor's Office, the US Department of Justice, Europol, the Ukrainian Cyber Police, and Bitdefender from Romania.
As part of this operation, the group's web resources in one of the domain zones were confiscated, effectively halting their activities. The methods of operation of the attackers, who had been changing their name and approaches for several years, were also identified.
According to Ukrainian law enforcement officials, the cyber group operated under the name Quantum in early 2022, later as Royal, in 2023 as BlackSuit, and in 2025 changed its name to Chaos. Their scheme remained unchanged: complex encryption algorithms, ransom demands, and threats to disclose stolen data.
BlackSuit's main targets were public and private institutions in the United States, European countries, and Japan. The group avoided attacks on CIS countries.
Criminal proceedings have been opened in Ukraine under Part 5 of Article 361 of the Criminal Code — unauthorized interference with the operation of computer and communication systems. The sanction provides for a penalty of up to 15 years in prison.
This operation became an important example of international cooperation in the fight against global cyber threats.
