Dark Angels Ransomware: Record-Breaking $75 Million Ransom Payment Made by Fortune 50 Company to Dark Angels Ransomware Gang

Introduction

In a shocking revelation, a Fortune 50 company has paid a record-breaking $75 million ransom to the Dark Angels ransomware gang, as reported by Zscaler ThreatLabz. This unprecedented payment highlights the growing threat of ransomware attacks and the escalating demands of cybercriminals.

Unprecedented Ransom Payment

According to the 2024 Zscaler Ransomware Report, the payment was made in early 2024, marking the highest known ransom payment to date. The previous record was held by insurance giant CNA, which paid $40 million after suffering an Evil Corp ransomware attack. This record-breaking ransom was further confirmed by crypto intelligence company Chainalysis, which tweeted about the incident.

While Zscaler did not disclose the identity of the Fortune 50 company, it mentioned that the attack occurred in early 2024. One potential victim is pharmaceutical giant Cencora, ranked #10 on the Fortune 50 list, which experienced a cyberattack in February 2024. However, no ransomware gang has claimed responsibility for the attack, and Cencora has not responded to inquiries about whether it paid the ransom.

Who Are the Dark Angels?

Dark Angels is a ransomware operation that launched in May 2022 and has been targeting companies worldwide ever since. The group employs a highly targeted approach, often referred to as “Big Game Hunting,” which focuses on attacking a single large company at a time for massive payouts, rather than targeting numerous smaller companies for smaller ransom amounts.

The Dark Angels operators breach corporate networks, move laterally to gain administrative access, and steal data from compromised servers. This stolen data is used as additional leverage when making ransom demands. Once they gain access to the Windows domain controller, they deploy the ransomware to encrypt all devices on the network.

Initially, Dark Angels used Windows and VMware ESXi encryptors based on the leaked source code for the Babuk ransomware. Over time, they switched to a Linux encryptor, the same one used by Ragnar Locker since 2021. This Linux encryptor was used in a notable attack on Johnson Controls, where Dark Angels claimed to have stolen 27 TB of corporate data and demanded a $51 million ransom payment.

The Big Game Hunting Strategy

Dark Angels operates a data leak site named ‘Dunghill Leaks,’ used to extort victims by threatening to leak stolen data if the ransom is not paid. This method of targeting high-value companies for massive payouts, known as “Big Game Hunting,” has become a dominant trend among ransomware gangs in recent years.

Zscaler ThreatLabz explains that the Dark Angels group employs a highly targeted approach, typically attacking a single large company at a time. This strategy contrasts with that of most ransomware groups, which target victims indiscriminately and outsource much of the attack to affiliate networks of initial access brokers and penetration testing teams.

The Big Game Hunting tactic has been increasingly adopted by numerous ransomware gangs over the past few years, as noted by Chainalysis. This approach allows cybercriminals to maximize their returns by focusing on fewer, but more lucrative, targets.

Impact and Implications

The record-breaking ransom payment to Dark Angels underscores the growing threat of ransomware attacks on major corporations. As cybercriminals become more sophisticated and their demands escalate, companies must strengthen their cybersecurity measures to protect against such attacks.

The involvement of state-sponsored groups, like the North Korean Lazarus Group suspected in the WazirX attack, adds another layer of complexity to the cybersecurity landscape. These groups have the resources and expertise to carry out highly sophisticated attacks, making them formidable adversaries for even the most well-prepared organizations.

Conclusion

The $75 million ransom payment made by a Fortune 50 company to the Dark Angels ransomware gang marks a significant milestone in the history of cybercrime. This incident highlights the urgent need for robust cybersecurity measures and international cooperation to combat the growing threat of ransomware attacks. As cybercriminals continue to evolve and adopt new tactics, companies must remain vigilant and proactive in their efforts to safeguard their networks and data.
