Low Drama: Dark Angels Cash In Big – Krebs on Security

The Dark Angels, a notorious ransomware group, have recently made headlines for receiving a staggering $75 million data ransom payment from a Fortune 50 company. This group, which has been operating since 2021, is known for maintaining a low profile and working alone, targeting one victim at a time and focusing on stealing large amounts of data rather than disrupting operations.

According to security experts at Zscaler ThreatLabz, Dark Angels have been ranked as the top ransomware threat for 2024. The group has conducted some of the largest ransomware attacks to date, yet very little is known about their operations. Brett Stone-Gross, the senior director of threat intelligence at ThreatLabz, highlighted that Dark Angels operate differently from other ransomware groups. Unlike traditional ransomware operations that rely on affiliate models, Dark Angels prefer to operate covertly to avoid attracting unwanted attention.

One of the distinctive traits of the Dark Angels group is their reluctance to deploy ransomware that can cause significant disruptions to the victim’s business operations. Instead, they choose selectively whether to encrypt files, avoiding major disruptions while still stealing large volumes of data. This approach sets them apart from other ransomware groups, as they prioritize data exfiltration over immediate financial gain.

Dark Angels have targeted major companies across various sectors, including healthcare, finance, government, and education. Some notable victims listed on their victim shaming site, Dunghill Leak, include Sysco, a global food distribution firm, and Sabre, a travel booking giant. These companies have suffered data breaches at the hands of Dark Angels, leading to potential data exposure and financial losses.

In a recent cyber incident involving a pharmaceutical giant, Cencora (formerly AmerisourceBergen Corporation), it was reported that the company paid a record $75 million ransom to Dark Angels. This incident, which occurred in February 2024, resulted in significant financial losses for Cencora, as detailed in their quarterly financial report. The ransom payment highlights the growing trend of skyrocketing ransom demands from cybercriminal groups like Dark Angels.

According to a report by Sophos, the average ransomware payment has increased fivefold in the past year, reaching $2 million in 2024. The report also indicates that a significant portion of ransom funding comes from multiple sources, including the affected organizations themselves and insurance providers. This alarming trend underscores the need for enhanced cybersecurity measures and proactive strategies to prevent falling victim to ransomware attacks.

The Dark Angels’ record-breaking ransom payment serves as a stark reminder of the evolving threat landscape posed by ransomware groups. As organizations continue to grapple with the increasing risk of cyberattacks, it is crucial to prioritize cybersecurity investments and adopt robust defense mechanisms to safeguard sensitive data and mitigate potential financial losses.
