Dark Angels Score Record Breaking $75m Ransom

Ransomware attackers have reached new heights, marked by a notable surge in extortion attacks. Cyber criminals are increasingly moving toward larger victims and this is certainly the case with Dark Angels.

This ransomware group has succeed in extorting $75 million -  the largest known ransom payment ever extracted from a victim.

Dark Angels emerged in 2022, but remained under the radar, despite carrying out large-scale attacks. Now, a Fortune 50 company has paid a record-breaking $75 million ransom to the Dark Angels, according to a report by the Zscaler ThreatLabz research unit.

Whilst a ransomware organisation like LockBit generate numerous victims -  including Britain's Royal Mail, the City of Montreal, the Port of Nagoya - for comparatively small amounts of money, meaning it gets lots of publicity due to its spread, but fewer major payouts.

In contrast, Dark Angels, prefers to targeting  a few big money victims - a single organisation for a longer period of time and for much more money.

ThreatLabz has reported on their discovery of the largest ever publicly known ransomware payment and, along with it, a warning that multiple threat actors may attempt to copy Dark Angels' tactics.  "In early 2024, ThreatLabz uncovered a victim who paid Dark Angels $75 million, higher than any publicly known amount, an achievement that's bound to attract the interest of other attackers looking to replicate such success by adopting their key tactics”, says the 2024 Zscaler Ransomware Report. ​​​​​

This record-breaking payment has been serateley confirmed by crypto intelligence company Chainalysis in a blog post. The largest known previous ransom payment was $40 million, which the CNA an insurance company paid after suffering an Evil Corp ransomware attack.

While Zscaler did not share which company paid the $75 million ransom, they mention that the company was in the Fortune 50 and that the attack occurred in early 2024. One Fortune 50 company hit by large cyber hacks in February 2024 is pharmaceutical firm Cencora, ranked #10 on Fortune's list. No ransomware gang claimed responsibility for the attack at that time, possibly indicating that a ransom was paid.

Dark Angels is a human-operated ransomware group known for targeting big companies, typically breaching corporate networks and then moving laterally until they manage to gain administrative access. They also steal data from compromised servers, which is later used as additional leverage when making ransom demands.

When launching an operation, they are known to use Windows, Linux and VMware ESXi encryptors. Once they gain access to the network domain controller, they deploy the ransomware to encrypt and lock all devices on the network. They then issue a demand for payment to unlock the network.

ZScaler   |    Chainanalysis   |   Sentinel One    |   Cyble   |    Techzine   |   Bleeping Computer   |   PCMag    | 

Infosecurity Magazine   |    Ransomware Attacks   |    Neuways   |   Forbes

Image: Dynamic Wang

You Might Also Read: 

Treading A Safe Path - Navigating Hidden Ransomware Risks:


If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

« Hackers Target Maritime Facilities With Malware
App Security Testing: Exploring The Pros & Cons Of Different Approaches  »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

Resilient Information Systems Security (RISS)

Resilient Information Systems Security (RISS)

RISS is a research group is in the Department of Computing at Imperial College London.

TUV Sud

TUV Sud

TÜV SÜD is a leading technical service organisation. We specialize in testing, certification, auditing, training, and advisory services for different industries.

K2 Integrity

K2 Integrity

K2 Integrity is a preeminent risk, compliance, investigations, and monitoring firm - built by industry leaders to safeguard our clients’ operations, reputations, and economic security.

ReversingLabs

ReversingLabs

ReversingLabs develops cyber threat detection and mitigation tools that address the the latest directed attacks, advanced persistent threats and polymorphic malware.

Hypersecu Information Systems

Hypersecu Information Systems

Hypersecu Information Systems, Inc. is a solution provider dedicated to multi-factor authentication, public key infrastructure and software copyright protection.

ISMS Accreditation Center (ISMS-AC)

ISMS Accreditation Center (ISMS-AC)

ISMS-AC is the national accreditation body for Japan. The directory of members provides details of organisations offering certification services for ISO 27001.

Garner Products

Garner Products

Garner design, manufacture, and sell equipment that delivers complete, permanent, and verifiable data elimination.

Critical Start

Critical Start

Critical Start provides Managed Detection and Response services, endpoint security, threat intelligence, penetration testing, risk assessments, and incident response.

SECFORCE

SECFORCE

SECFORCE is a leading information security consultancy specialising in bespoke penetration testing and red team engagements.

Glocomms

Glocomms

Glocomms is a leading specialist recruitment agency for the tech sector, providing permanent, contract, and multi-hire recruitment from our global hubs in San Francisco, New York, London and Berlin.

Riskaware

Riskaware

CyberAware, by Riskaware, provides business-critical cyber attack analysis and impact assessments using NIST standards aligned with NCSC guidance.

Samurai Digital Consulting

Samurai Digital Consulting

Samurai Digital Security are a cyber and Information security services provider, specialising in penetration testing, incident response, user awareness and information governance solutions.

SalvageData Recovery Services

SalvageData Recovery Services

Since 2003, SalvageData has been providing high-quality data recovery with the certifications needed to work with any storage media manufacturer.

Theori

Theori

Theori tackles the most difficult cybersecurity challenges from an attacker’s perspective and conquers them as the best strategic security experts.

Apexanalytix

Apexanalytix

Apexanalytix is a leading provider of supplier onboarding, risk management and recovery solutions.

Softanics

Softanics

Softanics’ ArmDot protects .NET apps with advanced obfuscation, control flow protection, and virtualization, securing code against reverse engineering without requiring agents or environment changes.

EK3 Technologies

EK3 Technologies

EK3 Technologies mission is to provide comprehensive cybersecurity and IT solutions that allow our clients to focus on sustaining their business.