In early 2024, a large publicly traded U.S. company fell victim to Dark Angels ransomware actors who managed to gain access and exfiltrate a massive 100 TB of corporate data. Following the breach, the company was extorted for an unprecedented $75 million ransom payment. Despite the staggering nature of the attack and payment, the victim organization has chosen to remain anonymous and has not disclosed the full details of the incident, leaving many questions unanswered.
The news of the record-breaking $75 million ransom payment to Dark Angels came to light on July 29 when cybersecurity vendor Zscaler released its “ThreatLabz 2024 Ransomware Report.” The report highlighted the extraordinary payout made by the victim organization to the ransomware gang, a payment confirmed by blockchain analytics firm Chainalysis. However, the company’s identity has not been revealed, leading to speculation that it could be Cencora, a pharmaceutical giant previously known as AmerisourceBergen.
Cencora disclosed a cyberattack in February, following an 8-K filing with the U.S. Securities and Exchange Commission (SEC), confirming the exfiltration of data from its systems. The company later discovered additional stolen data, including personally identifiable information and protected health information, but stated that there was no evidence of public disclosure of the data. Despite the breach, Cencora maintained that its operations were unaffected, and its IT systems were fully operational.
Concerns arose about the size of the ransom payment compared to the lack of operational disruption caused by the attack. Speculation suggested that the stolen data may have contained highly sensitive information, prompting the victim organization to make the significant payment. However, some experts offered an alternative theory, suggesting that the sheer volume of stolen data made it difficult for the organization to verify the extent of the breach, leading to the expedient decision to pay the ransom.
The incident raised questions about the effectiveness of U.S. disclosure laws, particularly in light of the new cybersecurity incident reporting rules introduced by the SEC. Critics pointed out that the subjective nature of determining materiality allowed companies to downplay the impact of breaches and ransom payments on their operations. Additionally, concerns were raised about the lack of transparency in disclosing ransom payments and stolen data in SEC filings, indicating a potential loophole in the reporting regulations.
As the debate around the $75 million ransom payment continues, industry experts warn that ransomware gangs may exploit the lack of transparency in disclosure laws to their advantage. The incident serves as a stark reminder of the evolving threat landscape faced by organizations and the need for enhanced cybersecurity measures to combat sophisticated cyberattacks. The repercussions of the Dark Angels attack are likely to reverberate across the cybersecurity landscape, prompting a reevaluation of incident response strategies and regulatory frameworks.