Ransomware gang paid record-breaking $75m after targeted attack
Cup of Couple/Tima Miroshnichenko/AdobeZscaler ThreatLabz, a cybersecurity company, has published its annual ransomware report, which includes a whopping $75 million paid out by a Fortune 50 company to ransomware gang Dark Angels. ThreatLabz has called the payout “unprecedented”.
Although the exact Fortune 500 company is not revealed, Bleeping Computer suspects that it could be insurance company Cencora, which was hacked in February 2024. With no gangs claiming the hack, it appears that Cencora might have paid the ransom.
According to ThreatLabz, $75 million is the largest publicly known payout from any company. The previous “record holder” was insurance company CNA, which paid a group – Evil Corp – $40 million.
Zscaler ranks Dark Angels as the number one ransomware gang in their top five list. The hacker collective has been operating since 2022. According to ThreatLabz, has been targeting “healthcare, government, finance, and education”.
More recently, they’ve taken to hit tech, industrial, and telecommunication companies.
Dark Angels run “Dunghill Leak” on the deep web. If the ransom isn’t paid, the stolen data will be leaked onto the site.
Dark Angels tend to steal hundreds of terabytes of data, casting a wide net over the victim. According to the report, they only go after one large company at a time, which is dubbed “Big Game Hunting”.
This happens when Dark Angels – or any gang – encrypts a company’s data on the disk, making it nearly impossible to crack back open. Unless the ransom is paid or the software is removed in some capacity, recovering the data is incredibly difficult.
Where will ransomware go in 2025?
Zscaler has also outlined its 2025 predictions. With the success of the $75 million heist, ThreatLabz expects to see copycats using similar tactics. They also expect to see a rise in generative AI to infiltrate companies.
Voice cloning is already a concern, with advertising giant WPP already being hit this year. Generative AI apps like MyVocal make this incredibly easy to set up and reproduce.
Ransomware has been on the rise and evolving for the last few years. In a Chainalysis report from February, it claims payments exceeded $1 billion. This is after a significant dip to $567 million in 2022.
Ransomware attacks of this nature were first discovered in 2013, as viruses like “Crypto Locker” began to spread.
Ransomware keeps spreading according to experts
In 2021, cybersecurity expert Mikko Hyppönen has dubbed it “Ransomware 2.0”, with more and more companies hit every day. Hyppönen was part of the team that discovered the very first virus, Brain.
Hyppönen’s June 10 talk at the RSA conference ended with the cybersecurity legend confirming that some companies are recovering by swapping to iPads or Chromebooks.
He also ended that talk by saying companies cannot hide and need to be proactive about protecting data from criminals.