Dark Angels Ransomware Gang Nets Record $75M Ransom Payment

Date:

July 31, 2024


The ransomware operation Dark Angels has reportedly set a new record by receiving a $75 million ransom payment from an unnamed Fortune 50 company, as reported by BleepingComputer.  

This amount is the highest ever recorded, surpassing the previous record of $40 million paid by the insurance firm CNA to the Evil Corp ransomware group. Blockchain research firm Chainalysis confirmed this figure, emphasizing the unprecedented scale of the ransom.

While researchers did not disclose the specific organization affected, it has been noted that the major pharmaceutical firm Cencora was the only Fortune 50 company known to have been compromised in a February 2024 attack. That attack has not been claimed by any ransomware group, so a link to Dark Angels remains speculative and unconfirmed.

The Dark Angels group has been active since May 2022. Their operations have involved significant ransom demands, including an unsuccessful attempt to secure a $51 million payment in September 2023. This latest record-breaking ransom highlights the ongoing threat posed by ransomware operations that focus on high-value targets.

Takeaway: Over the past 2-3 years, the rapid evolution of Ransomware-as-a-Service (RaaS) platforms has made it clear that the ransomware threat is still in its early stages. Attackers are continually developing more sophisticated tools and techniques, posing a significant challenge to organizations.

Threat actors are playing a game of chess while their targets struggle to mount even a basic checkers-level defense. This is particularly evident in highly targeted sectors such as healthcare and education, which often lack the resources to defend effectively against such attacks, making them especially vulnerable.

Ransomware developers have recently focused their substantial resources on enhancing the initial stages of attacks. This includes automating scans and exploiting known vulnerabilities for initial compromises, abusing legitimate network tools, and creating custom tools for lateral movement and data exfiltration.

Proceeds from ransomware attacks are being reinvested into hiring skilled developers who continuously devise new methods to infect victims, evade detection, exfiltrate sensitive data, and encrypt files more quickly.  

The targeting of cloud installations and data backups has become a significant concern, as many organizations mistakenly assume their off-site data storage is immune to ransomware attacks. This assumption is increasingly unsafe given the well-funded and innovative nature of modern threat actors.
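The two preceding paragraphs describe tradecraft that shows up in endpoint telemetry well before encryption starts: built-in admin tools repurposed for lateral movement, and commands that destroy local backups and recovery points so the victim cannot restore. The following detection logic is an added example, not code from the article, from BleepingComputer, Chainalysis or Halcyon, and it is not attributed to Dark Angels specifically; it encodes widely documented ransomware commands (shadow-copy and backup-catalog deletion, recovery disabling, PsExec and WMIC remote execution) as rules and runs them over constructed JSON process-creation records. The log format, host names and timestamps are assumptions made for the example.

```python
"""Detection rules for ransomware pre-encryption activity over process-creation logs.

Added example, not code from the original article or from any vendor it names.
The log records below are constructed; the rules cover widely documented ransomware
tradecraft, not the specific tooling of any named group.
"""
from __future__ import annotations

import json
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Alert:
    host: str
    rule: str
    command_line: str


# Each rule is (name, regex). The regex is matched against the lowercased command line.
# Assumption: the command line has already been extracted from the event source
# (for example Sysmon event ID 1 or Windows Security 4688 "Process Command Line").
RULES = [
    # Backup / recovery destruction: the attacker removes the victim's restore options.
    ("backup_destruction_vssadmin", re.compile(r"\bvssadmin(\.exe)?\b.*\bdelete\s+shadows\b")),
    ("backup_destruction_wmic", re.compile(r"\bwmic(\.exe)?\b.*\bshadowcopy\b.*\bdelete\b")),
    ("backup_destruction_wbadmin", re.compile(r"\bwbadmin(\.exe)?\b.*\bdelete\s+(catalog|systemstatebackup)\b")),
    ("recovery_disabled_bcdedit", re.compile(r"\bbcdedit(\.exe)?\b.*\b(recoveryenabled\s+no|bootstatuspolicy\s+ignoreallfailures)\b")),
    # Abuse of legitimate admin tools for lateral movement (remote execution on another host).
    ("lateral_movement_psexec", re.compile(r"\bpsexec(64)?(\.exe)?\b.*\\\\")),
    ("lateral_movement_wmic_remote", re.compile(r"\bwmic(\.exe)?\b.*/node:.*\bprocess\s+call\s+create\b")),
]

# Constructed sample telemetry (JSON lines). Raw string so JSON escapes reach the parser intact.
SAMPLE_LOG = r"""
{"ts": "2024-07-30T02:14:05Z", "host": "ws01", "user": "CORP\\jdoe", "cmd": "vssadmin.exe Delete Shadows /All /Quiet"}
{"ts": "2024-07-30T02:14:07Z", "host": "ws01", "user": "CORP\\jdoe", "cmd": "bcdedit /set {default} recoveryenabled No"}
{"ts": "2024-07-30T02:15:41Z", "host": "srv02", "user": "NT AUTHORITY\\SYSTEM", "cmd": "C:\\Windows\\System32\\svchost.exe -k netsvcs"}
{"ts": "2024-07-30T02:16:02Z", "host": "srv02", "user": "CORP\\svc_backup", "cmd": "wbadmin get versions"}
{"ts": "2024-07-30T02:16:09Z", "host": "srv02", "user": "CORP\\jdoe", "cmd": "wmic.exe shadowcopy delete"}
{"ts": "2024-07-30T02:20:33Z", "host": "jump01", "user": "CORP\\jdoe", "cmd": "PsExec.exe \\\\srv03 -accepteula -s cmd.exe /c whoami"}
{"ts": "2024-07-30T02:21:10Z", "host": "jump01", "user": "CORP\\jdoe", "cmd": "wmic /node:srv04 process call create \"cmd.exe /c whoami\""}
{"ts": "2024-07-30T02:22:00Z", "host": "jump01", "user": "CORP\\helpdesk", "cmd": "wmic os get caption"}
"""


def parse_line(line: str) -> dict:
    """Parse one JSON log record; expected keys are host, user and cmd."""
    return json.loads(line)


def evaluate(records) -> list:
    """Run every rule over every record; one Alert per (record, matching rule)."""
    alerts = []
    for rec in records:
        cmd = rec.get("cmd", "")
        low = cmd.lower()
        for name, pattern in RULES:
            if pattern.search(low):
                alerts.append(Alert(rec.get("host", "?"), name, cmd))
    return alerts


def hosts_by_rule(alerts) -> dict:
    """Group affected hosts per rule: several hosts under one rule suggests a campaign, not a one-off."""
    out = {}
    for a in alerts:
        out.setdefault(a.rule, set()).add(a.host)
    return out


def run_demo() -> list:
    """Parse the constructed sample log and return the resulting alerts."""
    records = [parse_line(line) for line in SAMPLE_LOG.strip().splitlines()]
    return evaluate(records)


if __name__ == "__main__":
    for alert in run_demo():
        print(f"{alert.host:<7} {alert.rule:<32} {alert.command_line}")
    print(hosts_by_rule(run_demo()))
```

Note the two benign records that use the same binaries (`wbadmin get versions`, `wmic os get caption`): matching on the tool name alone would page an analyst every time backup software or help desk staff run it, so each rule keys on the destructive or remote-execution verb. In a real deployment the same rules would feed a SIEM correlation that raises severity when one rule fires on several hosts within minutes, which is what `hosts_by_rule` approximates here.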

Traditional Endpoint Protection (EPP) solutions are largely ineffective against these advanced attack progressions. While Endpoint Detection and Response (EDR) and Extended Detection and Response (XDR) tools offer a marginally better defense, most ransomware operators can unhook or otherwise bypass these defenses.

Consider that the large corporations named as ransomware victims in the headlines all had extensive security programs, talented teams and best-in-class solutions deployed.

We are only at the beginning of this battle, and it is already evident that the attackers have gained the upper hand. Ransomware operators possess nearly unlimited resources and innovate rapidly, while their targets struggle with budget constraints and resource allocation.  

The disparity between attacker capabilities and organizational defenses is vast, resulting in significant damage to victims. Organizations must decide whether to passively accept this fact or invest in new approaches to neutralize this growing threat.

Halcyon.ai is the leading anti-ransomware company that closes endpoint protection gaps and defeats ransomware through built-in bypass and evasion protection, key material capture, automated decryption, and data exfiltration prevention – talk to a Halcyon expert today to find out more. Halcyon also publishes a quarterly RaaS and extortion group reference guide, Power Rankings: Ransomware Malicious Quartile.