Thursday, April 3, 2025

Ransomware gangs are taking a low-key approach to extorting money from victims, a trend that cybersecurity expert Brian Krebs has dubbed “Dark Angels.”

A notorious ransomware gang, reportedly dubbed Dark Angels, stunned global cybersecurity circles by extracting a staggering $75 million data ransom payment from a prominent Fortune 50 company. Since 2021, the enigmatic Dark Angels have been operating undetected; their lack of publicity is attributed to their preference for solo operations and a low-profile approach that focuses on large-scale data theft rather than disrupting victims’ systems.

This month, the security firm listed Dark Angels as the greatest ransomware threat for 2024, citing the alarming instance of an early-2024 victim who paid the ransomware group a staggering $75 million, surpassing any previously recorded ransom payment. ThreatLabz has found that Dark Angels is behind some of the most extensive ransomware attacks on record, yet surprisingly little is known about the group’s identity and motivations.

As stated by Michael Burris, senior director of risk intelligence at ThreatLabz, the Dark Angels group operates quite differently from most other ransomware gangs. Unlike typical ransomware operations, Dark Angels eschews the conventional affiliate model, wherein hackers-for-hire install malware that locks up infected systems, instead…

According to Stone-Gross, the group does not want to be in the headlines or cause significant business disruptions. The goal of their strategy is to make money while minimizing attention.

Ransomware operators frequently maintain flashy “leak” websites that publicly shame victims, threatening to release their stolen data unless a ransom payment is made. Despite the rumors, the Dark Angels did not operate a victim-shaming website. The lack of a distinct online identity makes the website difficult to find and remember; it’s called Dunghill Leak.

The Dark Angels victim-shaming website, Dunghill Leak.

“Not a single aspect of their persona shines with grandeur,” Stone-Gross declared. “For years, the website’s existence wasn’t enough to warrant attention-grabbing headlines. Instead, its creators probably felt driven to establish an anonymous leaks platform in order to signal their commitment to transparency and willingness to share sensitive information publicly.”

The notorious Dark Angels gang is believed to be based in Russia and is distinguished by its audacious strategy of stealing massive amounts of sensitive data from prominent organizations across industries such as healthcare, finance, government, and education. ThreatLabz’ research revealed that it had siphoned off a staggering volume of data from major corporations: anywhere from 10 to 100 terabytes of intellectual property, an amount so vast that it would likely take days, if not weeks, to transfer out of the companies’ systems.

Unlike most ransom gangs, Dark Angels typically post pilfered data publicly, exposing those who refuse to comply with their demands. Several prominent victims listed among those affected by Dunghill Leak include the global food distribution company, whose operations were severely impacted; and the major travel booking platform, which experienced significant disruptions.

According to Stone-Gross, the Dark Angels are often hesitant to deploy ransomware because it tends to lock down the target’s entire IT system, crippling the victim’s business operations for days, weeks, or even months. Major data breaches that expose sensitive information often garner widespread media attention quickly.

“They deliberately choose when and where to deploy ransomware, opting out of attacks if circumstances dictate.” “In the unlikely scenario where they decide to encrypt specific data without causing significant disruptions, they would opt for this approach instead.” What truly distinguishes these individuals is their sheer scale of intellectual pilfering. Compared to its predecessor, the improvement is staggering with the introduction of Dark Angels. Companies yielding to extortionists’ demands by paying out massive sums in exchange for the release of sensitive information are perpetuating this problem.

Who made the record $75 million ransom payment remains a mystery. It has been posited that the affected party was a Big Pharma company, which disclosed a data security incident to the Securities and Exchange Commission (SEC) on February 21, 2024.

The Securities and Exchange Commission (SEC) mandates that publicly traded companies disclose any potentially material cybersecurity incident within a four-day timeframe following the event. Cencora ranks #10 on the Fortune 500 list, with revenue of over $262 billion for the past year.

Cencora declined to comment on whether it paid a ransom related to the February cyberattack, instead directing inquiries to invoices listed under “Miscellaneous” in their restructuring plan’s PDF. The majority of the $30 million settlement payment associated with the “Different” incident was attributed to the breach itself.

Cencora’s quarterly report disclosed that a single-incident disruption impacted a standalone, legacy information technology platform in one country, subsequently affecting the international business unit’s operations in that nation for approximately two weeks.

Cencora’s 2024 first-quarter report reveals a staggering $30 million financial impact stemming from an information exfiltration incident that occurred in mid-February 2024.

According to the latest report (PDF) from a prominent security firm, the average ransomware demand has increased exponentially over the past year, jumping from approximately $400,000 in 2023 to a staggering $2 million by the end of 2023. Sophos says that . In total, 40 percent of all ransom funding came from the organizations themselves, while 23 percent originated from insurance providers.

Further reading: (PDF).
