Dark Angels Score Record Breaking $75m Ransom

Ransomware attackers have reached new heights, marked by a notable surge in extortion attacks. Cyber criminals are increasingly moving toward larger victims and this is certainly the case with Dark Angels.

This ransomware group has succeeded in extorting $75 million - the largest known ransom payment ever extracted from a victim.

Dark Angels emerged in 2022, but remained under the radar, despite carrying out large-scale attacks. Now, a Fortune 50 company has paid a record-breaking $75 million ransom to the Dark Angels, according to a report by the Zscaler ThreatLabz research unit.

A ransomware organisation like LockBit generates numerous victims - including Britain's Royal Mail, the City of Montreal and the Port of Nagoya - for comparatively small amounts of money, meaning it gets lots of publicity due to its spread, but fewer major payouts.

In contrast, Dark Angels prefers targeting a few big-money victims - a single organisation for a longer period of time and for much more money.

ThreatLabz has reported on their discovery of the largest ever publicly known ransomware payment and, along with it, a warning that multiple threat actors may attempt to copy Dark Angels' tactics. "In early 2024, ThreatLabz uncovered a victim who paid Dark Angels $75 million, higher than any publicly known amount, an achievement that's bound to attract the interest of other attackers looking to replicate such success by adopting their key tactics", says the 2024 Zscaler Ransomware Report.

This record-breaking payment has been separately confirmed by crypto intelligence company Chainalysis in a blog post. The largest known previous ransom payment was $40 million, which the insurance company CNA paid after suffering an Evil Corp ransomware attack.

While Zscaler did not share which company paid the $75 million ransom, they mention that the company was in the Fortune 50 and that the attack occurred in early 2024. One Fortune 50 company hit by large cyber hacks in February 2024 is pharmaceutical firm Cencora, ranked #10 on Fortune's list. No ransomware gang claimed responsibility for the attack at that time, possibly indicating that a ransom was paid.

Dark Angels is a human-operated ransomware group known for targeting big companies, typically breaching corporate networks and then moving laterally until they manage to gain administrative access. They also steal data from compromised servers, which is later used as additional leverage when making ransom demands.

When launching an operation, they are known to use Windows, Linux and VMware ESXi encryptors. Once they gain access to the network domain controller, they deploy the ransomware to encrypt and lock all devices on the network. They then issue a demand for payment to unlock the network.

Zscaler | Chainalysis | Sentinel One | Cyble | Techzine | Bleeping Computer | PCMag | Infosecurity Magazine | Ransomware Attacks | Neuways | Forbes

Image: Dynamic Wang
