Dark Angels Score Record Breaking $75m Ransom

Uploaded on 2024-08-02 in NEWS-Cybersecurity News, FREE TO VIEW

Ransomware attackers have reached new heights, marked by a notable surge in extortion attacks. Cyber criminals are increasingly moving toward larger victims and this is certainly the case with Dark Angels.

This ransomware group has succeed in extorting $75 million -  the largest known ransom payment ever extracted from a victim.

Dark Angels emerged in 2022, but remained under the radar, despite carrying out large-scale attacks. Now, a Fortune 50 company has paid a record-breaking $75 million ransom to the Dark Angels, according to a report by the Zscaler ThreatLabz research unit.

Whilst a ransomware organisation like LockBit generate numerous victims -  including Britain's Royal Mail, the City of Montreal, the Port of Nagoya - for comparatively small amounts of money, meaning it gets lots of publicity due to its spread, but fewer major payouts.

In contrast, Dark Angels, prefers to targeting  a few big money victims - a single organisation for a longer period of time and for much more money.

ThreatLabz has reported on their discovery of the largest ever publicly known ransomware payment and, along with it, a warning that multiple threat actors may attempt to copy Dark Angels' tactics.  "In early 2024, ThreatLabz uncovered a victim who paid Dark Angels $75 million, higher than any publicly known amount, an achievement that's bound to attract the interest of other attackers looking to replicate such success by adopting their key tactics”, says the 2024 Zscaler Ransomware Report. ​​​​​

This record-breaking payment has been serateley confirmed by crypto intelligence company Chainalysis in a blog post. The largest known previous ransom payment was $40 million, which the CNA an insurance company paid after suffering an Evil Corp ransomware attack.

While Zscaler did not share which company paid the $75 million ransom, they mention that the company was in the Fortune 50 and that the attack occurred in early 2024. One Fortune 50 company hit by large cyber hacks in February 2024 is pharmaceutical firm Cencora, ranked #10 on Fortune's list. No ransomware gang claimed responsibility for the attack at that time, possibly indicating that a ransom was paid.

Dark Angels is a human-operated ransomware group known for targeting big companies, typically breaching corporate networks and then moving laterally until they manage to gain administrative access. They also steal data from compromised servers, which is later used as additional leverage when making ransom demands.

When launching an operation, they are known to use Windows, Linux and VMware ESXi encryptors. Once they gain access to the network domain controller, they deploy the ransomware to encrypt and lock all devices on the network. They then issue a demand for payment to unlock the network.

ZScaler   |    Chainanalysis   |   Sentinel One    |   Cyble   |    Techzine   |   Bleeping Computer   |   PCMag    | 

Infosecurity Magazine   |    Ransomware Attacks   |    Neuways   |   Forbes

Image: Dynamic Wang

You Might Also Read: 

Treading A Safe Path - Navigating Hidden Ransomware Risks:

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« Hackers Target Maritime Facilities With Malware
App Security Testing: Exploring The Pros & Cons Of Different Approaches  »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

A10 Networks

A10 Networks

A10 Networks is a leader in application networking, helping organizations of all sizes to accelerate, optimize and secure their applications.

EG-CERT

EG-CERT

EG-CERT is the national Computer Emergency Response Team for Egypt.

CERT-UA

CERT-UA

CERT-UA is the national Computer Emergency Response Team for Ukraine.

Finnish Information Security Cluster (FISC)

Finnish Information Security Cluster (FISC)

FISC is an organization established by major Finnish information security companies to promote their activities nationally and internationally.

Centre for the Protection of National Infrastructure (CPNI)

Centre for the Protection of National Infrastructure (CPNI)

CPNI works with the National Cyber Security Centre (NCSC), Cabinet Office and lead Government departments and agencies to drive forward the UK's cyber security programme to counter cyber threats.

QuickLaunch

QuickLaunch

QuickLaunch transforms how cloud-savvy institutions and companies manage human and device authentication, authorization, access control and integration.

UPX Technologies

UPX Technologies

UPX Technologies is one of the largest digital security centers in Brazil providing full protection for data, networks and content.

Byos

Byos

Byos provides visibility of devices across all networks, regardless of location, integrating with your existing security stack.

Tech Seven Partners

Tech Seven Partners

At TechSeven Partners, we provide a full suite of cyber security solutions for your business including network monitoring, onsite and cloud backup solutions, HIPAA or PCI compliance.

Eventus Security

Eventus Security

Eventus, are a team of highly skilled professionals who are committed to deliver excellence in next generation cyber security services and customized solutions for your enterprise.

NPCERT

NPCERT

NPCERT is a team of Information Security experts formed to address the urgent need for the protection of national information and growing cybersecurity threat in Nepal.

OneZero Solutions

OneZero Solutions

OneZero specialize in cybersecurity operations, information assurance, computer network operations, solutions engineering, and project management.

ANSSI Burkina Faso

ANSSI Burkina Faso

ANSSI is responsible for managing the security of information systems and cyberspace in Burkina Faso.

SphereX Technologies

SphereX Technologies

SphereX is the first on-chain security solution for Web3 applications.

Deloitte Denmark

Deloitte Denmark

Swift incident management, worldwide support, and advanced defense strategies ensure comprehensive recovery and enterprise security with our IR service.

CarbonHelix

CarbonHelix

CarbonHelix provides cybersecurity services from US-based security operations centers that meet the highest compliance requirements.