A staggering $75 million was reportedly paid to a ransomware gang, believed to be the largest ransom ever paid by a victim of a cyber attack since records began.
In a new report, researchers at Zscaler allege that the record-breaking amount was paid to the Dark Angels ransomware group by an undisclosed Fortune 50 company.
The reported payout is nearly double the previous record of $40 million paid in 2021 by insurance giant CNA Financial after it was locked out of its network by attackers using the Phoenix Locker ransomware.
Since emerging in May 2022, Dark Angels has targeted a wide range of industries, including healthcare, finance, government, and education, and has recently been seen attacking large industrial, technology, and telecommunications companies.
On its dark web data leak site, Dunhill, Dark Angels claims to be “an international team of technical experts conducting research in the field of information security” and says that they “are not interested in politics, which is why they do not cooperate with governments or law enforcement agencies.”
Of course, the truth is that Dark Angels makes money through extortion – threatening companies with leaking their data to the world unless they pay a ransom.
After compromising a company’s security, Dark Angels decide whether to encrypt the company’s files and then often spend days or even weeks stealing vast amounts of data.
According to Zscaler researchers, large companies compromised by this group could potentially have up to 100TB of data stolen.
In a notable case reported by Bleeping Computer, in September 2023 Dark Angels attacked a multinational conglomerate, encrypting the company’s VMware ESXi virtual machines and claiming to have stolen over 27 terabytes of corporate data, forcing it to shut down its IT systems.
Dark Angels reportedly demanded a $51 million ransom from Johnson Controls in exchange for a decryption tool and the deletion of the stolen files. The company later filed an SEC lawsuit alleging it had suffered more than $27 million in losses from the costs of investigating and remediating the attack, as well as business interruption losses.
In the wake of news of a company paying a record $75 million ransom, many businesses may be wondering how to respond if cybercriminals make demands on them.
Sure, it’s probably much easier for a business to decide whether to pay tens of millions of dollars to a ransomware gang than it is to decide whether to pay $10,000, but the questions to ask are the same:
We all know that the more companies that agree to pay the ransom, the more likely it is that cybercriminals will launch similar attacks against other companies in the future, and possibly even yours.
At the same time, your company may feel like it has no choice but to make the difficult decision to pay – after all, the alternative could put your entire business at risk, along with the livelihoods of your employees, partners, and maybe even your customers.
Whatever you decide, I would say it is essential that you report the incident to law enforcement and work with them to help investigate who is behind the attack.
The most important thing to remember is that paying the ransom doesn’t erase the security issues that allowed the attackers to get into your network – unless you find out what went wrong and why and fix it, you’ll likely become a victim of a ransomware attack in the future.
Editor’s note: The opinions expressed in this article and other guest author articles are solely those of the contributors and do not necessarily reflect the opinions of Tripwire.