Dark Angels Ransomware Receives Record-Breaking $75 Million Ransom

"A Fortune 50 company paid a record-breaking $75 million ransom payment to the Dark Angels ransomware gang," writes BleepingComputer's Lawrence Abrams, citing a report (PDF) by Zscaler ThreatLabz. From the report: The largest known ransom payment was previously $40 million, which insurance giant CNA paid after suffering an Evil Corp ransomware attack. While Zscaler did not share what company paid the $75 million ransom, they mentioned the company was in the Fortune 50 and the attack occurred in early 2024. One Fortune 50 company that suffered a cyberattack in February 2024 is pharmaceutical giant Cencora, ranked #10 on the list. No ransomware gang ever claimed responsibility for the attack, potentially indicating that a ransom was paid.

Zscaler ThreatLabz says that Dark Angels utilizes the "Big Game Hunting" strategy, which is to target only a few high-value companies in the hopes of massive payouts rather than many companies at once for numerous but smaller ransom payments. "The Dark Angels group employs a highly targeted approach, typically attacking a single large company at a time," explains the Zscaler ThreatLabz researchers. "This is in stark contrast to most ransomware groups, which target victims indiscriminately and outsource most of the attack to affiliate networks of initial access brokers and penetration testing teams." According to Chainalysis, the Big Game Hunting tactic has become a dominant trend utilized by numerous ransomware gangs over the past few years.

If our legislature wasn't paralyzed by Republicans

[rsilvergun]

We would have long since passed a law making it illegal to pay ransoms. Years ago a guy named newt Gingrich, famous for dumping his cancer-stricken wife for a younger woman, created something called the contract with America. It was a plan to obstruct anything and everything that could be beneficial and then lay the blame at the feet of his opposition party.

It worked. Spectacularly. For the Republicans anyway. For us we got screwed hard.

So there's a snowballs chance in hell of getting something through like a ban on paying ransoms while that contract is still valid. And it's going to stay valid until the American people realize it's there and demand its revocation. I think we got a tiny inkling of that when the Republicans tried to shut down the government in order to cause a crash last year. For the first time I can remember the American people looked at the Republican party doing something bad that would hurt them and said, hey the Republicans are doing something bad and it's going to hurt me.

But I think that was largely because of all the chaos and confusion from their incompetent handling of the speakership. It kind of made it obvious that the Republicans couldn't govern anymore and hadn't been able to in a long time. We're not always going to have something that obvious staring in our faces.

This is some of the lowest quality bait

[rsilvergun]

I've ever seen on /..

Re:

[ac22]

That's rich coming from you.

FWIW registrations_suck has made other posts about his illness, but you probably didn't see them since you were so busy flooding the site with your own low-quality unsourced opinioins. He doesn't deserve you turning up and calling him a liar.

Re:

[registrations_suck]

It's ok. Dumbasses can't help themselves. It's a mental illness.

Re:

[Mr. Dollar Ton]

famous for dumping his cancer-stricken wife for a younger woman

Wait, wasn't that another guy and an Amurrikan hero, a certain John McCain?

Re:

[rsilvergun]

Honestly it's hard to keep track of the number of Republicans who have left their cancer stricken wives so it's entirely possible. But the fact is newt Gingrich definitely did it. Pretty sure he's the OG of leaving your cancer stricken wife for another woman.

Re:

[DrMrLordX]

You're blaming this on a political action piece from the 1990s? You're on crack.

Re:

[Anonymous Coward]

Politics aside (sort of), here in Europeland we have regulations which prevent paying of money to a variety of "unsavoury" destinations - and there are "reasonableness" clauses to make sure you can't just say "oh, I had no idea they were terrorists!".

Such rules do a number of things. They make it really, really difficult to pay low-level protection scams, or even to pay people off-books cash of any size. They also make it difficult to hire someone who doesn't have a bank account and a house - even if it's f

Re:

[Anonymous Coward]

LOL - this is entirely a foreign policy problem. It is entirely the make of the globalist political left as well btw, who were more or less in control from the 60s on.

As others have posted the nearest historical analog to the ransomware gangs are actual pirates. They way you deal with pirate is you KILL pirates. Nothing else works. Except we can't do that because that does not fit the globalist model.

What is needed is to firebomb these a-holes, and its necessary to do it where they are at - should not matt

Newt Gingrich's ex-wife lived another 30 years

[ac22]

Maybe you should try doing some research before posting.

From factcheck.org:
Posted on December 2, 2011 | Updated on December 27, 2011 | Corrected on December 27, 2011

The Gingrich Divorce Myth

Q: Did Newt Gingrich ask his former wife to sign divorce papers on her deathbed?
A: No. Jackie Battley is still alive, and the couple was already in divorce proceedings at the time of the 1980 hospital visit. But she was recovering from surgery to remove a benign tumor, and the former House speaker admits that they “got into an argument.”

"So, what do we know for certain? One, Battley and Gingrich were already separated and in the process of getting a divorce when he visited her in the hospital. And two, Battley wasn’t dying of cancer."

https://www.factcheck.org/2011... [factcheck.org]

Re:

[mjwx]

We would have long since passed a law making it illegal to pay ransoms.

Politics aside, how would that help. It wouldn't stop people paying ransoms, it would just mean an additional fine if they're caught. "hmm, we see you've paid these ransomware people $100,000, here's a $50,000 fine on top of that". Not going to do a damn thing to stop ransomware, hostage takers, et al.

It's like making suicide illegal and having the death penalty for any attempts.

Re:

[LeDopore]

If you're a public company you'd have to declare a big expense like paying a ransom.

Insane

[battingly]

This has increased the incentive for ransomware attacks exponentially. The only way forward is to make ransom payments illegal. Institutions currently would rather pay the ransom (and pass the cost along to others) than improve their security. Making ransom payment illegal will take away the incentive for the attacks and force organizations to improve their security. Continuing with the status quo is insane.

Re:Insane

[bill_mcgonigle]

That's not root cause.

The Directors have a legal duty to maximize shareholder value and that means earning as much revenue as possible and spending as little as conceivably possible.

Or else they get their asses sued.

Doing what's best for the company in the long run will get their asses sued if another narrative is conceivable.

The crapification of Corporate America can be largely tied to a court system that allows this.

Stop reflexing to banning more things when the underlying causes are a festering mortal wound.

Re:

[Firethorn]

The Directors have a legal duty to maximize shareholder value and that means earning as much revenue as possible and spending as little as conceivably possible.

Or else they get their asses sued.

They get their asses sued anyways. This will cause lawsuits. On the other hand, there are plenty of examples that spending the necessary funds for proper security is indeed the "maximizing shareholder value" because it is a lot cheaper than paying ransoms.

The courts are unlikely to find against them, Executives have wide latitude to decide what is maximizing value.

Re: Insane

[phantomfive]

Nonprofits have ransomware problems too. "The duty to maximize profits" isn't as strong as you think it is.

Re:

[Anne Thwacks]

If I was a shareholder and found that the company had failing to have both on-line and off-line backups, and testing their restore to bare metal monthly, I would be suing for life imprisonment of every executive in the command chain that did not INSIST on said backups on the grounds that they had risked the lives and liberty of all employees by obtaining a job for which they were unfit.

MOST PARTICULARLY FOR THE HR STAFF for not blocking their recuitment.

Public whippings with LTO tape for the CTO.

Re:

[ArchieBunker]

That won’t happen. The bean counters and lawyers run the numbers and determine paying the ransom is the cheaper option. As we’ve recently found out judges and politicians are cheap to buy off.

Re:

[Mr. Dollar Ton]

But but but... If ransom payments are made illegal, only criminals will make ransom payments! Are you sure you want to criminalize the Fortune 50 segment of the American business? These are truly the "captains of the industry", man!

Re:Insane

[Daina.0]

It's the Barbary Pirates all over again. Pay ransom or pay tribute and they'll be around forever. Refuse to pay and kill them and they don't come back.

One of the problems is that law enforcement in some cases is recommending paying the ransom! And in some cases paying the ransom provides a trail to the bad guys so they end up arrested/dead/sad.

Years ago I asked why Western Union isn't shut down for all the scams they enable. The answer was that shutting it down would make terrorist wire transfers less traceable by the good guys.

Re:

[Mr. Dollar Ton]

Refuse to pay and kill them

Now, is this possible? What if, like the British pirates, they get a license and become privateers?

Re:

[necro81]

What if, like the British pirates, they get a license and become privateers?

Is that not the entire M.O. of Russia and North Korea?

Re:

[Mr. Dollar Ton]

Well, for North Korea more or less yes, but the ruzzkie are also selling oil and gas.

Re:Insane

[ctilsie242]

IMHO, ransomware is only going to increase.

The main reason is what another posted stated -- we don't have stakeholders, we have shareholders. If a company fails to maximize profit at the cost of everything else, they sue. To boot, any losses done by charging CapEx or R&D are fodder for shareholder torts, which is why you will never see a PARC, or a Bell Labs in modern firms... stuff like Gorilla Glass that may not be relevant now, but cool stuff to look at down the line.

It is going to take complete stock market derailment (which is pretty much impossible, as the stock market can keep expanding forever because it has zero to do with Main Street, and numbers can always come from the ether. Even if the stock market went down, circuit breakers will stop it from going lower, and it will be back up to record highs in a few days) to get companies back to old school stakeholders and focusing on long term items, as well as company ethics, and maybe even the value of a good name.

With this mentality, and the fact that there isn't much government oversight, it is quite easy for companies to hire an offshore proxy service as a "consultant firm" to pay the ransom for them plus a fee. The company can have their people deny they paid a red cent in Congress and point towards plausible deniability. Nothing bad will happen to a company if hit by ransomware past a few days of PR and stuff like, "we found the guy who was responsible and he is no longer with us."

Ransomware orgs know this.

This is only going to get worse. I wouldn't be surprised if ransomware orgs are trying to solicit disgruntled company employees to "just click this link while you have elevated permissions". Although game theory comes into play, because the org could turn around and demand ransom from the employee or threaten to turn them in to the employer, or just turn them into the employer for a reward.

Re:

[cmseagle]

I don't know why you lay this at the feet of stock markets or shareholders. It's not like private companies run a different calculus, or magically invest more in cybersecurity. Once you've been hit by ransomware, it doesn't matter if you're listed. It's going to come down to whether paying the ransom is the less expensive/damaging option for the business.

Re:

[Ostracus]

Easy to gloss over WE are the shareholders. Are we feeling guilty yet? No more than we do about our contributions to climate change, or other problems. As long as one can convince that it's someone else's fault, no one will ever have to take responsibility and change.

Remote Access

[bill_mcgonigle]

The report PDF is pretty thin but they single out VPN gateways and other remote access solutions.

We've seen repeatedly that paying a ton for a big name doesn't help avoid zero-days. These big-game hunters might even reverse-engineer firmware updates.

We'll see if an insurance company winds up suing Cisco or something but patch management could be the culprit.
 

Re:Remote Access

[SethJohnson]

I work with a few large insurance companies. I do think patch management is a dangerous vector for ransomware.

As an example, our web application had disclosed 3 critical vulnerabilities and I was admonishing one of these large insurance companies to deploy the security fixes ASAP. Their priority was their ongoing development using the web application and didn't want to pause that to do regression testing of the fixes. I warned them that because the vulnerabilities were public, the ransomware gangs would be creating exploits specific to these vulnerabilities and if successful would have keys to their kingdom. I pointed out that HIPAA could make them personally liable for a breach with jail time as a consequence. Their backpocket response to the HIPAA concern was that they wouldn't be liable if they had used their judgement to evaluate the risk and determined the risk to be insignificant. They said because the web application was within their corporate network and not exposed to the internet, there was little risk of a breach. I told them with millions of dollars of ransom available, those gangs would find a way into their network. They shrugged their shoulders and agreed to disagree on the topic.

Re:

[ctilsie242]

I do think patch management or some operating system, application or firmware's patch mechanism is going to cause a major issue... just a matter of time.

We nearly veered off that cliff several times, from someone signing a SSH binary with Red Hat (and no, this is not a bash on Red Hat, they had the smarts to use a HSM, ensuring the bad guys could only sign something and not swipe the private key, RH responded promptly to lock out that bogus RPM, and RH has a sterling reputation ever since that), to the 7Z i

pay the ransom?

[mukundajohnson]

or pay for better security?

Re:

[Mr. Dollar Ton]

Eventually you'll buy both, in proportion to their relative cost. It is economics, the cheapest mix that delivers the same result is the most efficient.

Re: pay the ransom?

[toutankh]

Ah but that assumes that companies act rationally and make the best decisions for their financial interests, which I do not think we have any evidence for. Also estimating the right mix of these costs is not easy, it's a stochastic world. Some companies might be smart enough to pay smart people *and* listen to them, others might be the typical "the higher up, the more incompetent" with people high up not liking to hear that things are complicated, and asking instead for "top three ways to save money" or oth

Re:

[Mr. Dollar Ton]

which I do not think we have any evidence for.

You score a point here.

Why is it still legal to pay?

[gweihir]

That is essentially financing crime, nothing else. This crap needs to stop.

Re:

[RobinH]

It's crazier than that. Police departments have paid ransomware ransoms. Wrap your head around that for a second.

Re:

[gweihir]

I am aware. Extreme incompetence and no capability for reasonable risk management and contingency planning is widespread in the human race. Well, maybe it will kill us all and end this crap show.

Re:

[RobinH]

I just don't think you hear about the vast majority of ransomware infections. We had a ransomware infection years ago and we had isolated and gotten rid of the problem computer in a little over an hour and restored all affected files over the next day or two. For the most part business continued as normal, other than taking down the network for a hour or so.

Re:

[gweihir]

That is not the standard case of ransomware infections you do not hear about publicly. One of the things I do is IT and IT Security audit (internal audit as a service) in a regulated environment. My customers have to inform me in case of such an infection, it is a legal requirement. Hence I know that about 35% of them had an ransomware infection and that the resulting repercussions and disruptions lasted between 2 Months and a year. The initial outages (network down and then isolated operation, except web-p

Re:

[mjwx]

That is essentially financing crime, nothing else. This crap needs to stop.

Because you'll only end up penalising the victim a second time.

Whilst I agree that you shouldn't pay ransoms, ransomware and hostage taking gangs don't give two shits if the victim gets fleeced by the law after the fact as long as they get their money.

Re:

[gweihir]

No. And stop pushing that bullshit idea.

Somebody that gets infected by Ransomware and cannot recover has been grossly negligent. That makes them a perpetrator, not a victim. You have a responsibility to protect your business or organization against known threats. If you do not, you become complicit.

Financing organize crime Corporate death penalty

[TheNameOfNick]

If you can pay a 75 million ransom, you could have paid for adequate security. Instead you're screwing all of us by making ransomware wildly profitable. I don't care that it's a Fortune 500 company, I want a NAME. And change the law to make paying ransoms illegal, punishable by dissolution of the corporation. FFS people.

Re:Financing organize crime Corporate death penalt

[thegarbz]

If you can pay a 75 million ransom, you could have paid for adequate security.

But one is a single write-down due to "unforeseen" circumstances, while the other is an expense centre.

Sincerely
CFO of BigCorp

Re:

[Deal In One]

If you can pay a 75 million ransom, you could have paid for adequate security.

But one is a single write-down due to "unforeseen" circumstances, while the other is an expense centre.

Sincerely
CFO of BigCorp

But presumably after that one time write-down, they will have to spend properly on security to make sure it doesn't happen again.

So it's either a case of proactively pay for security, or pay a one time lump sum, and then start paying for security. Second option may also lead to a PR backlash and legal problems, since ransomware gangs are known to keep the data they steal even if you pay them off.

https://www.bleepingcomputer.c... [bleepingcomputer.com]

Re:

[thegarbz]

But presumably after that one time write-down, they will have to spend properly on security to make sure it doesn't happen again.

Pfft have you ever met a shareholder? Quite often after a company makes a write down the share price goes up. There's no incentive even after an attack to improve security. Plus you'll get some CIO (That's Chef Idiocy Officer) who thinks that lightning doesn't strike the same place twice.

It should be a felony to pay ransomware

[sinkskinkshrieks]

It's the only way to make it stop.

Re: It should be a felony to pay ransomware

[sinkskinkshrieks]

2/ If you don't have backups or DR/BCP, then it's your fault and your business should go under.

Dual payment

[sit1963nz]

Every $ they pay for these scammers needs to be met with the same $ to find and eliminate them.

Someone would take $50 million to point the finger

Its ONLY when the risks far outweigh the rewards will this stop.

Audit.

[ledow]

Cool, can we charge them with money-laundering and funding criminal enterprises, then? As we have absolutely no clue who they paid, for what purpose, or where the money went (could have just ended up in the CEO's private offshore account).

I know that when I pointed this out at a previous employer they ran a thousand miles from any such payment (even via willing third-parties who would act as go-betweens!) because of money-laundering regulations.

How can you just drop millions of dollars on something you can

MICROS~1 strikes again ..

[Mirnotoriety]

Dark Angels Team Ransomware: In-Depth Analysis, Detection, and Mitigation [sentinelone.com]

Idiots. Criminal idiots.

[bradley13]

Dane-geld. [poetry.com]

Paying ransom is fundametally stupid. It just lets them know that you are a good mark, and they will be back for more. it also funds their lifestyle, so that they can share the joy with other victims.

Paying ransom is a decision made by top executives. Those executives belong in jail.

Who knows the First Legion will be into ransom

[BigFire]

Normally they'll just render a planet inert and terraform it for future settlement by the Imperium.

What if...?

[SouthSeb]

What if someone from within the company lead the attack and then collect the ransom?

Or, even worse...

What if a company is in bad shape and stage a ransom attack just to conceal the missing money?

Anyway, a $75 million theft is mind-boggling! It makes most Hollywood heist movies looking like child's play.