In early 2024, a Fortune 50 company made a record-breaking $75 million ransom payment to the Dark Angels ransomware gang. This payment significantly surpassed the previous highest known ransom payment of $40 million made by CNA after an Evil Corp ransomware attack. Although sources did not disclose the identity of the company, they confirmed that it was within the Fortune 50 and the attack occurred in early 2024. Speculation points towards pharmaceutical giant Cencora, which ranked #10 and experienced a cyberattack in February 2024, although no ransomware group has claimed responsibility, possibly indicating a ransom payment.
Dark Angels, a ransomware operation that began in May 2022, employs a targeted strategy known as “Big Game Hunting,” focusing on high-value companies for larger ransoms rather than numerous smaller targets. This group breaches corporate networks, gains administrative access, and steals data to use as leverage for ransom demands. Initially using Windows and VMware ESXi encryptors based on Babuk ransomware, they have since transitioned to a Linux encryptor similar to that used by Ragnar Locker. They also operate a data leak site named ‘Dunghill Leaks’ to threaten victims with data exposure if ransoms are not paid. This method contrasts with other ransomware groups that attack indiscriminately and use affiliate networks for operations.
[ad_2]
source
