Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label Dark Angels. Show all posts

Fortune 50 Company Pays Record $75 Million Ransom to Dark Angels Gang


A Fortune 50 company has paid a record-breaking $75 million ransom to the Dark Angels ransomware gang, according to a report by Zscaler ThreatLabz. This payment is the largest publicly known ransom, surpassing the previous high of $40 million paid by insurance company CNA after an attack by Evil Corp.

Who Are the Dark Angels?

Dark Angels is a ransomware group that began operating in May 2022. Unlike many other ransomware gangs, they focus on a few high-value targets instead of attacking many smaller companies. They gain access to corporate networks, steal sensitive data, and then use this data to demand large ransoms.

The $75 million ransom was confirmed by both Zscaler ThreatLabz and crypto intelligence firm Chainalysis. The identity of the company that paid the ransom has not been disclosed, but it is known that the attack occurred in early 2024 and involved a Fortune 50 company.

One potential victim is Cencora, a pharmaceutical company ranked #10 on the Fortune 50 list, which experienced a cyberattack in February 2024. Cencora has not confirmed whether it paid the ransom, and no ransomware gang had previously claimed responsibility for the attack.

Dark Angels' Methods

Dark Angels typically breach networks and move laterally to gain administrative access. They steal data from servers and use it to pressure companies into paying ransoms. Initially, they used Windows and VMware ESXi encryptors based on Babuk ransomware's leaked source code. They later switched to a Linux encryptor similar to the one used by Ragnar Locker, a gang disrupted by law enforcement in 2023.

In an attack on Johnson Controls, Dark Angels claimed to have stolen 27 TB of data and demanded $51 million. The gang runs a data leak site, 'Dunghill Leaks,' where they threaten to publish stolen data if ransoms are not paid.

The Big Game Hunting Strategy

Zscaler ThreatLabz explains that Dark Angels uses a "Big Game Hunting" approach, targeting a few large companies rather than many smaller ones. This strategy aims for massive payouts from high-value targets.

"The Dark Angels group attacks one large company at a time," said Zscaler ThreatLabz researchers. This approach contrasts with other ransomware gangs that target multiple victims indiscriminately and outsource much of the attack process.

The $75 million ransom payment highlights the growing threat of sophisticated ransomware attacks. Companies must strengthen their cybersecurity measures, train employees, and have rapid response plans to combat these threats. As ransomware gangs become more targeted and strategic, robust cybersecurity becomes increasingly critical.

The massive ransom paid to Dark Angels sets a new record and signals an escalating threat. Businesses must stay vigilant and proactive to protect themselves from these highly targeted and costly cyberattacks.