$75 Million Ransom Sets New Record for Dark Angels Cyber Gang
A Fortune 50 company reportedly paid the highest ransom on record to the Dark Angels ransomware group at the beginning of 2024. The payment outstrips the previous highest known ransom of $40 million, paid by CNA to the Evil Corp ransomware group. The company that paid the $75 million ransom has not been disclosed, but the incident has been confirmed to have taken place in early 2024 and to involve a company in the Fortune 50 ranking. One company on the Fortune 50 list, the leading pharmaceutical giant Cencora, listed at #10, fell prey to a cyberattack in February 2024. No ransomware gang has yet claimed responsibility for that attack, though speculation is rife that Cencora might be the company that ended up paying the ransom. BleepingComputer contacted Cencora to confirm this information, but the company has not yet responded.
Dark Angels first appeared in May 2022. The group usually breaches networks through human-operated ransomware attacks. After breaching a network, the operators move laterally and escalate to administrative privileges. During the intrusion, they also steal data to use as leverage in the ransom negotiation. Finally, after fully establishing control over the Windows domain controller, they deploy ransomware to encrypt all the devices on the network.
Initially, Dark Angels used encryptors for Windows and VMware ESXi built from Babuk ransomware’s leaked source code. Over time, they switched to a Linux encryptor similar to the one Ragnar Locker had used since 2021; Ragnar Locker was disrupted by law enforcement in 2023. This Linux encryptor was used in an infamous attack on Johnson Controls, where Dark Angels stole 27 TB of data and demanded a $51 million ransom.
Dark Angels maintains its own data leak site, ‘Dunghill Leaks’, where stolen data is posted as a warning of further disclosure if ransoms are not paid. The group's strategy, called “Big Game Hunting,” focuses on a few high-value companies from which it can reap large sums in ransom payments, instead of collecting small payments from a multitude of companies. This focused approach contrasts with other ransomware groups that indiscriminately target victims and use affiliate networks for their attacks. Big Game Hunting has become very popular among ransomware gangs in the last few years.