Dark Angels Score Record Breaking $75m Ransom

Uploaded on 2024-08-02 in NEWS-Cybersecurity News, FREE TO VIEW

Ransomware attackers have reached new heights, marked by a notable surge in extortion attacks. Cyber criminals are increasingly moving toward larger victims and this is certainly the case with Dark Angels.

This ransomware group has succeed in extorting $75 million -  the largest known ransom payment ever extracted from a victim.

Dark Angels emerged in 2022, but remained under the radar, despite carrying out large-scale attacks. Now, a Fortune 50 company has paid a record-breaking $75 million ransom to the Dark Angels, according to a report by the Zscaler ThreatLabz research unit.

Whilst a ransomware organisation like LockBit generate numerous victims -  including Britain's Royal Mail, the City of Montreal, the Port of Nagoya - for comparatively small amounts of money, meaning it gets lots of publicity due to its spread, but fewer major payouts.

In contrast, Dark Angels, prefers to targeting  a few big money victims - a single organisation for a longer period of time and for much more money.

ThreatLabz has reported on their discovery of the largest ever publicly known ransomware payment and, along with it, a warning that multiple threat actors may attempt to copy Dark Angels' tactics.  "In early 2024, ThreatLabz uncovered a victim who paid Dark Angels $75 million, higher than any publicly known amount, an achievement that's bound to attract the interest of other attackers looking to replicate such success by adopting their key tactics”, says the 2024 Zscaler Ransomware Report. ​​​​​

This record-breaking payment has been serateley confirmed by crypto intelligence company Chainalysis in a blog post. The largest known previous ransom payment was $40 million, which the CNA an insurance company paid after suffering an Evil Corp ransomware attack.

While Zscaler did not share which company paid the $75 million ransom, they mention that the company was in the Fortune 50 and that the attack occurred in early 2024. One Fortune 50 company hit by large cyber hacks in February 2024 is pharmaceutical firm Cencora, ranked #10 on Fortune's list. No ransomware gang claimed responsibility for the attack at that time, possibly indicating that a ransom was paid.

Dark Angels is a human-operated ransomware group known for targeting big companies, typically breaching corporate networks and then moving laterally until they manage to gain administrative access. They also steal data from compromised servers, which is later used as additional leverage when making ransom demands.

When launching an operation, they are known to use Windows, Linux and VMware ESXi encryptors. Once they gain access to the network domain controller, they deploy the ransomware to encrypt and lock all devices on the network. They then issue a demand for payment to unlock the network.

ZScaler   |    Chainanalysis   |   Sentinel One    |   Cyble   |    Techzine   |   Bleeping Computer   |   PCMag    | 

Infosecurity Magazine   |    Ransomware Attacks   |    Neuways   |   Forbes

Image: Dynamic Wang

You Might Also Read: 

Treading A Safe Path - Navigating Hidden Ransomware Risks:

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« Hackers Target Maritime Facilities With Malware
App Security Testing: Exploring The Pros & Cons Of Different Approaches  »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

TNO Cyber Security Lab

TNO Cyber Security Lab

TNO Cyber Security Lab is a dedicated facility for innovative and experimental research with the goal of a safe and resilient cyberspace.

mnemonic

mnemonic

mnemonic helps businesses manage their security risks, protect their data and defend against cyber threats.

Cyber Risk & Insurance Forum (CRIF)

Cyber Risk & Insurance Forum (CRIF)

CRIF helps organisations understand cyber risks and the damage that might occur by supporting the development of effective insurance solutions.

Kuratorium Sicheres Österreich (KSO)

Kuratorium Sicheres Österreich (KSO)

KSO is an independent non-profit association that has set itself the goal of making Austria safer as a national networking and information platform for topics of internal security.

Information & eGovernment Authority (iGA) - Bahrain

Information & eGovernment Authority (iGA) - Bahrain

The Information & eGovernment Authority facilitates many services catering to different parts of the community within the IT sector in Bahrain including information security.

Jandnet Recruitment

Jandnet Recruitment

Jandnet Recruitment is a small specialist company working in the IT sector. We recruit across all IT disciplines including cyber security and digital identity.

NINJIO

NINJIO

NINJIO is a leader in cybersecurity awareness training. View IT Security Awareness through a different lens - entertain and educate your users through storytelling.

Brighterion

Brighterion

Brighterion solutions stop payment and acquirer fraud, reduce credit risk and delinquency, fight financial crime, prevent healthcare fraud, waste and abuse, and more.

Falcongaze

Falcongaze

Falcongaze SecureTower is a comprehensive DLP solution for the protection of business against internal threats.

Lunio

Lunio

Lunio makes the internet a safer and more reliable place for everyone trying to grow their business by automatically getting rid of fake clicks, traffic, and leads on all ad platforms.

Redpoint Security

Redpoint Security

Redpoint Security is an application security consulting firm that is focused on all aspects of code security.

Raxis

Raxis

Raxis is a cybersecurity company that hacks into computer networks and physical structures to perform penetration tests, assessing corporate vulnerability to real-world threats.

Trustifi

Trustifi

Trustifi leads the market with the easiest to use and deploy email security products, providing both inbound and outbound email security from a single vendor.

Europol - European Cybercrime Centre (EC3)

Europol - European Cybercrime Centre (EC3)

The European Cybercrime Centre (EC3) was set up by Europol to strengthen the law enforcement response to cybercrime in the EU.

ExchangeDefender

ExchangeDefender

ExchangeDefender provides cybersecurity services that secures your company email and data, and guarantees 24/7 email access.

Interlock

Interlock

Interlock are building blockchain-based security products that solve legacy web2 security issues - phishing and social engineering.