Dark Angels Ransomware Group’s $75M Jackpot: Zscaler’s ThreatLabz 2024 Ransomware Report reveals how this elite gang targets select corporations, siphoning 1-100TB of data before encryption, and why their approach will shape future attacks.
Cybersecurity researchers at Zscaler have unearthed the largest known ransomware payment to date, a staggering $75 million paid by an anonymous company to the notorious Dark Angels cybercrime group.
The Dark Angels ransomware group, which has been operating under the radar since 2022, has targeted high-value industries like healthcare, government, finance, and education, recently shifting its focus to large industrial, technology, and telecommunication companies.
Dark Angels’ modus operandi diverges from typical ransomware gangs, which often cast a wide net and outsource attacks. Instead, they meticulously select and compromise individual large corporations, exfiltrating massive data troves (1-100 TB) before deciding whether to encrypt files.
According to Zscaler’s ThreatLabz 2024 Ransomware Report, released today, Tuesday, July 30, 2024, the group’s most notable attack occurred in September 2023 against an international conglomerate, where they demanded $51 million and encrypted the company’s virtual machines.
“Dark Angels demanded a $51 million ransom, claimed to have stolen over 27 TB of corporate data, and encrypted the company’s VMware ESXi virtual machines. A RagnarLocker ransomware variant was used to encrypt the company’s files during the attack. The relationship between RagnarLocker and Dark Angels is not clear, but the group was using the ransomware prior to the law enforcement action against RagnarLocker.”
Zscaler
Zscaler’s report also warns businesses to watch out for other prominent ransomware groups, such as Lockbit, BlackCat (ALPHV), Akira, and Black Basta.
The Dark Angels ransomware gang’s success in extorting such a large sum is a concerning trend that is likely to inspire other cybercriminal groups. Experts warn that Dark Angels’ approach will likely be used by other groups, focusing on high-value targets and amplifying data theft to maximize profits.
Ryan McConechy, CTO of Barrier Networks, commented on the report’s findings, stating, “This is an alarmingly high figure, and most organizations would never believe cybercrime could cost them so much…But that’s the harsh reality of attacks today.” He emphasized the need for robust cyber defences, including employee training, multi-factor authentication, system updates, and a well-prepared incident response plan.