Dark Angels Ransomware Gang Reaps Record $75 Million Payout
Zscaler, a company specializing in cloud security, has discovered that this year, hackers from the Dark Angels group secured a record ransom payment of $75 million. The name of the affected organization remains undisclosed, but it is known that this is the largest ransom payment in the history of cyber extortion.
Experts warn that such a substantial ransom will inevitably attract the attention of other cybercriminals seeking to replicate Dark Angels’ success. According to Zscaler, the number of ransomware attacks increased by 18% from April 2023 to April 2024. The primary targets were manufacturing enterprises, healthcare institutions, and technology companies.
“Ransomware defense remains a top priority for CISOs in 2024. The increasing use of ransomware-as-a-service models, along with numerous zero-day attacks on legacy systems, a rise in vishing attacks and the emergence of AI-powered attacks, has led to record breaking ransom payments,” said Deepen Desai, Chief Security Officer at Zscaler. “Organizations must prioritize Zero Trust architecture to strengthen their security posture against ransomware attacks. This is where an AI-powered Zero Trust platform like Zscaler helps organizations fast-track their segmentation journeys, reducing the blast radius as well as shutting down unknown vectors for future AI-driven attacks.”
Among the sectors most susceptible to attacks, the energy sector stands out, with the number of attacks surging by 500% over the year. This increase is attributed to the critical importance of infrastructure and its heightened vulnerability to operational disruptions.
The United States remains the primary target for attacks, accounting for nearly half of all incidents. Following the U.S. are the United Kingdom, Germany, Canada, and France.
Over the past year, Zscaler identified 19 new ransomware families, bringing the total number of tracked groups to 391. The most active among these were LockBit, BlackCat (ALPHV), and 8Base.
Particular attention is given to the Dark Angels group, which emerged in May 2022. Many of the largest attacks have been orchestrated and executed by members of this criminal organization. The main targets of Dark Angels include healthcare, government, financial institutions, and educational organizations.
The group is distinguished by its highly targeted approach, attacking large companies individually, unlike most other groups that work with multiple targets through partner networks. Dark Angels often steal massive amounts of data, which can reach up to 100 TB.
In September 2023, the group conducted its most notorious attack, breaching an international conglomerate that provides building automation solutions. The criminals claimed to have stolen over 27 TB of data and demanded a ransom of $51 million.
Experts note that Dark Angels’ strategy of focusing on a small number of large companies is becoming increasingly common. This raises concerns that other groups may follow their example to maximize financial gains.
