Fortune 50 Co. Pays Record-Breaking $75M Ransomware Demand

Published: 23/11/2024   Category: security




The runaway success of an upstart ransomware outfit called Dark Angels may well influence the cyberattack landscape for years to come.



A Fortune 50 company paid $75 million to its cyberattackers earlier this year, greatly exceeding any other confirmed ransom payment in history. The beneficiary of the payout is an outfit called Dark Angels. And Dark Angels isn't just effective — in some ways, the gang turns so much of what we thought we knew about ransomware on its head.
Sure, there have been other big amounts forked over in the past: In 2021, Illinois-based CNA Financial was reported to have paid a then-unprecedented $40 million ransom in order to restore its systems after a ransomware attack (the company never confirmed that figure). Later that year, the meat manufacturer JBS admitted to paying $11 million to end a disruption affecting its factories. Caesars Palace last year paid $15 million to make its ransomware disruption problems go away.
But those figures pale in comparison against the $75 million in equivalent Bitcoin paid by the aforementioned large organization, which Zscaler chose to keep anonymous in its 2024 annual ransomware report, where the payout was first recorded. The dollar amount has also been corroborated by Chainalysis.
Dark Angels first appeared in the wild in May 2022. Ever since, its specialty has been defeating fewer but higher-value targets than its ransomware brethren. Past victims have included multiple S&P 500 companies spread across varied industries: healthcare, government, finance, education, manufacturing, telecommunications, and more.
For example, there was its headline-grabbing attack on the megalith Johnson Controls International (JCI) last year. It breached the company's VMware ESXi hypervisors, freezing them with Ragnar Locker and stealing a reported 27 terabytes worth of data. The ransom demand: $51 million. It's unclear how Johnson Controls responded but, considering its $27 million-plus cleanup effort, it's likely that the company did not cave.
$27 million would have been the second-largest ransom payment in recorded history at the time (after the reported CNA payment). But there's evidence to suggest that this wasn't just some outlandish negotiating tactic — that Dark Angels has good reason to think it can pull off that kind of haul.
Forget everything you know about ransomware, and you'll start to understand Dark Angels.
Against the grain, the group does not operate a ransomware-as-a-service business. Nor does it have its own malware strain — it prefers to borrow encryptors like Ragnar Locker and Babuk.
Its success instead comes down to three primary factors. First: the extra care it can take by attacking fewer, higher-yielding targets.
Second is its ability to exfiltrate gobs of sensitive data. As Brett Stone-Gross, senior director of threat intelligence at Zscaler, explains, "If you look at a lot of these other ransomware groups, their affiliates are stealing maybe a few hundred gigabytes of data. Sometimes even less than 100 gigabytes of data. They usually top out around, maybe, one terabyte or so. In contrast, Dark Angels are stealing tens of terabytes of data."
In that, Dark Angels differs only in degree, not in kind. Where it really separates itself from other groups is in its subtlety. Its leak site isn't flashy. It doesn't make grand pronouncements about its latest victims. Besides the obvious operational security benefits to stealth (it's largely escaped media scrutiny in recent years, despite pulling off major breaches), its aversion to the limelight also helps it earn larger returns on investment.
For example, the group often avoids encrypting victims' data, with the express purpose of allowing them to continue to operate without disruption. This seems to defy common wisdom. Surely the threat of downtime and media scrutiny are effective tools to get victims to pay up?
"You would think that, but the results say otherwise," Stone-Gross suggests.
Dark Angels makes paying one's ransom easy and quiet — an attractive prospect for companies that just want to put their breaches behind them. And avoiding business disruption is mutually beneficial: Without the steep bills associated with downtime, companies have more money to pay Dark Angels.
In its report, Zscaler predicted that other ransomware groups will take note of Dark Angels’ success and may adopt similar tactics, focusing on high value targets and increasing the significance of data theft to maximize their financial gains.
If that should come to pass, companies will face much steeper, yet more compelling ransom demands. Luckily, Dark Angels' approach has an Achilles heel.
"If it's a terabyte of data, [a hacker] can probably complete that transfer in several days. But when you're talking terabytes — you know, tens of terabytes of data — now you're talking weeks," Stone-Gross notes. So, companies that can catch Dark Angels in the act may be able to stop them before it's too late.
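
As an added illustration (not from the article or Zscaler's report), the sketch below shows why a weeks-long transfer is detectable: a rolling multi-day sum of outbound bytes per internal host and destination flags a steady 0.6 TB/day flow that a 1 TB/day alarm would never see. The daily-rollup record format, host names, addresses and thresholds are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import date, timedelta

TB = 10**12

def sustained_egress_alerts(records, window_days=7, window_limit=2 * TB, min_days=5):
    """Flag (src, dst) pairs whose outbound bytes, summed over a rolling
    window, reach window_limit with traffic on at least min_days distinct days.

    records: (day, src_host, dst, bytes_out) tuples sorted by day, e.g.
    daily rollups of firewall or flow data (this layout is an assumption).
    Returns one (day, src, dst, window_total) per pair, at first crossing.
    """
    windows = defaultdict(deque)          # (src, dst) -> deque of (day, bytes)
    alerted, alerts = set(), []
    for day, src, dst, nbytes in records:
        win = windows[(src, dst)]
        win.append((day, nbytes))
        # Drop rollups that have aged out of the window.
        while (day - win[0][0]).days >= window_days:
            win.popleft()
        total = sum(b for _, b in win)
        active_days = len({d for d, _ in win})
        if (src, dst) not in alerted and total >= window_limit and active_days >= min_days:
            alerted.add((src, dst))
            alerts.append((day, src, dst, total))
    return alerts

def build_sample():
    """Constructed data: 20 days of rollups for three internal hosts."""
    start, rows = date(2024, 1, 1), []
    for i in range(20):
        day = start + timedelta(days=i)
        # Slow, steady transfer: 0.6 TB/day stays under a 1 TB/day alarm.
        rows.append((day, "fileserver-01", "203.0.113.50", 600 * 10**9))
        # Ordinary workstation traffic.
        rows.append((day, "workstation-17", "198.51.100.20", 5 * 10**9))
    # One-off 3 TB burst on a single day; left to a separate per-day rule.
    rows.append((start + timedelta(days=9), "backup-02", "192.0.2.10", 3 * TB))
    return sorted(rows, key=lambda r: r[0])

if __name__ == "__main__":
    for day, src, dst, total in sustained_egress_alerts(build_sample()):
        print(f"{day} {src} -> {dst}: {total / TB:.1f} TB in trailing window")
```

In this constructed data set the alert fires on the fifth day, when 3 TB of the 12 TB that the sample transfer would move over 20 days has left the network.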
