Dark Angels Score Record Breaking $75m Ransom

Ransomware attackers have reached new heights, marked by a notable surge in extortion attacks. Cyber criminals are increasingly moving toward larger victims and this is certainly the case with Dark Angels.

This ransomware group has succeeded in extorting $75 million, the largest known ransom payment ever extracted from a victim.

Dark Angels emerged in 2022, but remained under the radar, despite carrying out large-scale attacks. Now, a Fortune 50 company has paid a record-breaking $75 million ransom to the Dark Angels, according to a report by the Zscaler ThreatLabz research unit.

A ransomware organisation like LockBit generates numerous victims, including Britain's Royal Mail, the City of Montreal and the Port of Nagoya, for comparatively small amounts of money, meaning it gets lots of publicity due to its spread, but fewer major payouts.

In contrast, Dark Angels prefers to target a few big-money victims: a single organisation for a longer period of time and for much more money.

ThreatLabz has reported on their discovery of the largest ever publicly known ransomware payment and, along with it, a warning that multiple threat actors may attempt to copy Dark Angels' tactics. "In early 2024, ThreatLabz uncovered a victim who paid Dark Angels $75 million, higher than any publicly known amount, an achievement that's bound to attract the interest of other attackers looking to replicate such success by adopting their key tactics," says the 2024 Zscaler Ransomware Report.

This record-breaking payment has been separately confirmed by crypto intelligence company Chainalysis in a blog post. The largest known previous ransom payment was $40 million, which the insurance company CNA paid after suffering an Evil Corp ransomware attack.

While Zscaler did not share which company paid the $75 million ransom, they mention that the company was in the Fortune 50 and that the attack occurred in early 2024. One Fortune 50 company hit by large cyber hacks in February 2024 is pharmaceutical firm Cencora, ranked #10 on Fortune's list. No ransomware gang claimed responsibility for the attack at that time, possibly indicating that a ransom was paid.

Dark Angels is a human-operated ransomware group known for targeting big companies, typically breaching corporate networks and then moving laterally until they manage to gain administrative access. They also steal data from compromised servers, which is later used as additional leverage when making ransom demands.

When launching an operation, they are known to use Windows, Linux and VMware ESXi encryptors. Once they gain access to the network domain controller, they deploy the ransomware to encrypt and lock all devices on the network. They then issue a demand for payment to unlock the network.

Zscaler | Chainalysis | Sentinel One | Cyble | Techzine | Bleeping Computer | PCMag | Infosecurity Magazine | Ransomware Attacks | Neuways | Forbes

Image: Dynamic Wang
