Rs 555 Crores Ransom Paid to Notorious Dark Angels Ransomware Gang: Details Revealed

In a startling revelation, cybersecurity experts have disclosed that a record-breaking ransom of $75  million (Rs 555 Crore) was paid to the Dark Angels cybercrime group. This astronomical sum has set a new precedent in the realm of ransomware attacks, doubling the previous high of $40 million paid by CNA Financial in 2021.

Ransomware attacks have become a lucrative endeavor for cybercriminals, driven by the promise of substantial financial rewards. According to data compiled by Varonis, ransomware incidents have surged, with the latest Zscaler ThreatLabz report highlighting an 18% year-on-year increase in such attacks. The healthcare, manufacturing, and technology sectors have been particularly hard hit, with manufacturing facing more than twice as many attacks as the other two sectors combined.

Geographically, the United States remains the prime target, accounting for almost half of all ransomware attacks, followed by the United Kingdom. Over the past year, the U.S. has seen a staggering 93% rise in ransomware incidents, as reported by Zscaler researchers.

The Dark Angels cybercrime group, although not previously among the most notorious gangs, has now been flagged as the top ransomware actor to watch over the coming year. Operating a data leak site named Dunghill, the group first appeared on the radar in May 2022. Initially identified by Cyble as a rebranding of the Babuk ransomware family, the Dark Angels have quickly escalated their operations.

One of their most notable attacks occurred in September 2023, targeting automation and manufacturing giant Johnson Controls. The attack involved using Dark Angels ransomware to lock the company’s VMWare ESXi servers, demanding a ransom of $51 million. Although it remains unclear if the ransom was paid, the attackers allegedly stole 27 terabytes of corporate data.

C-Edge, a TCS and SBI Joint Venture, Hit by a Massive Ransomware Attack

Unlike many ransomware groups that adopt a broad and indiscriminate approach, the Dark Angels employ a highly targeted strategy, focusing on a small number of high-value victims. This method ensures that while the number of victims is low, each target is carefully selected for maximum impact. This targeted approach contrasts starkly with most ransomware groups, which rely on affiliate networks for initial access and penetration testing.

The Zscaler ThreatLabz report suggests that the data stolen by the Dark Angels typically ranges between 10-100 terabytes for large businesses, an amount that can take days to weeks to transfer.

The success of the Dark Angels in securing a $75 million ransom has significant implications for the cybersecurity landscape. It not only sets a new financial benchmark but also signals to other cybercriminals the potential rewards of high-stakes ransomware attacks. The increasing use of ransomware-as-a-service models, zero-day attacks on legacy systems, vishing attacks, and AI-powered attacks has led to record-breaking ransom payments.

As businesses grapple with these evolving threats, ransomware defense remains a top priority for Chief Information Security Officers (CISOs) worldwide. The unprecedented ransom paid to the Dark Angels underscores the urgent need for robust cybersecurity measures and proactive threat intelligence to safeguard against the growing menace of sophisticated ransomware operations.

Follow The420.in on

Twitter (X), LinkedIn, and YouTube