Tuesday, September 10, 2024

Fortune 50 Co. Pays Record-Breaking $75M Ransomware Demand


A Fortune 50 company paid $75 million to its cyberattackers earlier this year, drastically exceeding any other confirmed ransom payment in history. The beneficiary of the payout is an outfit called Dark Angels. And Dark Angels isn't just effective: in some ways, the gang turns much of what we thought we knew about ransomware on its head.

Sure, there have been other big amounts forked over in the past: In 2021, Illinois-based CNA Financial was reported to have paid a then unprecedented $40 million ransom in order to restore its systems after a ransomware attack (the company never confirmed that figure). Later that year, the meat producer JBS admitted to paying $11 million to end a disruption affecting its factories. Caesars Palace last year paid $15 million to make its ransomware disruption problems go away.

But those figures pale in comparison against the $75 million in equivalent Bitcoin paid by the aforementioned large organization, which Zscaler chose to keep anonymous in its 2024 annual ransomware report, where the payout was first recorded. The dollar amount has also been corroborated by Chainalysis.

Meet the Dark Angels

Dark Angels first appeared in the wild in May 2022. Ever since, its specialty has been defeating fewer but higher-value targets than its ransomware brethren. Past victims have included multiple S&P 500 companies spread across varied industries: healthcare, government, finance, education, manufacturing, telecommunications, and more.

For example, there was its headline-grabbing attack on the megalith Johnson Controls International (JCI) last year. It breached the company's VMware ESXi hypervisors, freezing them with Ragnar Locker and stealing a reported 27 terabytes worth of data. The ransom demand: $51 million. It's unclear how Johnson Controls responded but, considering its $27 million-plus cleanup effort, it's likely that the company did not cave.

$27 million would have been the second-largest ransom payment in recorded history at the time (after the reported CNA payment). But there's evidence to suggest that this wasn't just some outlandish negotiating tactic, and that Dark Angels has good reason to think it can pull off that kind of haul.

Dark Angels Does Ransomware Differently

Forget everything you know about ransomware, and you'll start to understand Dark Angels.

Against the grain, the group does not operate a ransomware-as-a-service business. Nor does it have its own malware strain; it prefers to borrow encryptors like Ragnar Locker and Babuk.

Its success instead comes down to three primary factors. First: the extra care it can take by attacking fewer, higher-yielding targets.

Second is its ability to exfiltrate gobs of sensitive data. As Brett Stone-Gross, senior director of threat intelligence at Zscaler, explains, “When you look at a lot of these other ransomware groups, their affiliates are stealing maybe a couple of hundred gigabytes of data. Sometimes even less than 100 gigabytes of data. They usually top out around, maybe, one terabyte or so. In contrast, Dark Angels are stealing tens of terabytes of data.”

In that, Dark Angels differs only in degree, not in kind. Where it really separates itself from other groups is in its subtlety. Its leak site isn't flashy. It doesn't make grand pronouncements about its latest victims. Besides the obvious operational security benefits to stealth (it's largely escaped media scrutiny in recent years, despite pulling off major breaches), its aversion to the limelight also helps it earn larger returns on investment.

For example, the group often avoids encrypting victims' data, with the express purpose of allowing them to continue to operate without disruption. This seems to defy common wisdom. Surely the threat of downtime and media scrutiny are effective tools to get victims to pay up?

“You'd think that, but the results say otherwise,” Stone-Gross suggests.

Dark Angels makes paying one's ransom easy and quiet, an attractive prospect for companies that just want to put their breaches behind them. And avoiding business disruption is mutually beneficial: Without the steep bills associated with downtime, companies have more money to pay Dark Angels.

Can Dark Angels' Wings Be Clipped?

In its report, Zscaler predicted “that other ransomware groups will take note of Dark Angels' success and may adopt similar tactics, focusing on high value targets and increasing the significance of data theft to maximize their financial gains.”

If that should come to pass, companies will face much steeper, yet more compelling ransom demands. Luckily, Dark Angels' approach has an Achilles' heel.

“If it's a terabyte of data, [a hacker] can probably complete that transfer in a number of days. But when you're talking terabytes — you know, tens of terabytes of data — now you're talking weeks,” Stone-Gross notes. So, companies that can catch Dark Angels in the act may be able to stop them before it's too late.
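A sketch of what catching a weeks-long transfer in the act can look like in practice, added here as an illustration and not taken from the article or from Zscaler's report. It sums outbound bytes per host and destination over a rolling window, so a transfer that stays under a per-day spike threshold is still flagged part-way through. The hostnames, documentation-range IP addresses, volumes and thresholds are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import date, timedelta

TB = 10**12
GB = 10**9

def detect_sustained_egress(records, window_days=7, window_limit=5 * TB):
    """records: (day, src_host, dst, bytes_out) tuples, sorted by day.
    Returns {(src, dst): first day the rolling-window total exceeded the limit}."""
    windows = defaultdict(deque)   # (src, dst) -> deque of (day, bytes)
    totals = defaultdict(int)      # (src, dst) -> bytes currently in the window
    alerts = {}
    for day, src, dst, nbytes in records:
        key = (src, dst)
        win = windows[key]
        win.append((day, nbytes))
        totals[key] += nbytes
        # Drop entries that have aged out of the rolling window.
        while win and (day - win[0][0]).days >= window_days:
            totals[key] -= win.popleft()[1]
        if totals[key] > window_limit and key not in alerts:
            alerts[key] = day
    return alerts

def per_day_spikes(records, day_limit=1 * TB):
    """Naive check for comparison: flag only single days above day_limit."""
    return {(src, dst) for _, src, dst, nbytes in records if nbytes > day_limit}

def build_sample():
    """Constructed data: 21 days of daily outbound flow summaries."""
    start = date(2024, 1, 1)
    rows = []
    for i in range(21):
        day = start + timedelta(days=i)
        # Slow bulk transfer: 950 GB/day, 19.95 TB in total over three weeks.
        rows.append((day, "fileserver-01", "203.0.113.10", 950 * GB))
        # Routine traffic: 50 GB/day to a different destination.
        rows.append((day, "backup-01", "198.51.100.20", 50 * GB))
    return rows

if __name__ == "__main__":
    sample = build_sample()
    print("per-day spikes:", per_day_spikes(sample))
    for (src, dst), day in detect_sustained_egress(sample).items():
        print(f"sustained egress {src} -> {dst}, first flagged {day}")
```

On the constructed data the per-day check stays silent, while the rolling total flags the transfer on its sixth day, with most of the data still inside the network.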


