Ransomware Gang Paid Record-Breaking $75m After Targeted Attack

Zscaler ThreatLabz, a cybersecurity firm, recently released its yearly report on ransomware. The report revealed that a Fortune 50 company paid an astounding $75 million to the Dark Angels ransomware group, a payout that ThreatLabz has deemed “unprecedented”.

Despite not being explicitly named, Bleeping Computer believes that the targeted Fortune 500 company could be Cencora, an insurance company that experienced a cyberattack in February 2024 and had its data stolen. As no group has taken responsibility for the attack, it is likely that Cencora paid the ransom.

According to ThreatLabz, the largest publicly known payout from any company is $75 million. The previous “record holder,” insurance company CNA, paid a group known as Evil Corp $40 million.

According to Zscaler’s top five list, Dark Angels holds the top spot as the most prominent ransomware gang. This group of hackers has been active since 2022 and, according to ThreatLabz, has been specifically targeting the healthcare, government, finance, and education sectors.

In more recent times, they have begun targeting technology, industrial, and telecommunication companies.

The group known as Dark Angels is responsible for operating “Dunghill Leak” on the deep web. Failure to pay the ransom will result in the release of the stolen data on the site.

The Dark Angels are known for their tendency to steal vast amounts of data, often targeting multiple victims at once. However, a recent report reveals that they primarily focus on one major corporation at a time, a practice referred to as “Big Game Hunting.”

This situation occurs when Dark Angels, or any other gang, utilizes encryption to lock a company’s data on a disk, rendering it extremely challenging to access. Unless the ransom is paid or the software is removed, recovering the data becomes an arduous task.

Where will ransomware go in 2025?

Zscaler has also revealed its predictions for 2025. In light of the $75 million heist, ThreatLabz anticipates the emergence of imitators utilizing comparable tactics. They also foresee an increase in the utilization of generative AI to breach corporate systems.

The issue of voice cloning is already a cause for worry, as demonstrated by the recent experience of advertising giant WPP, who fell victim to a voice cloning attack earlier this year. The availability of generative AI apps such as MyVocal makes it extremely simple to execute and replicate this type of attack.

According to a Chainalysis report from February, ransomware has been on the rise and evolving over the past few years. The report states that payments have exceeded $1 billion, which is a significant increase from the $567 million reported in 2022.

In 2013, viruses such as “Crypto Locker” were found to be spreading, leading to the discovery of ransomware attacks of this kind.

Experts warn of continued spread of ransomware

In 2021, Mikko Hyppönen, a cybersecurity expert, referred to the current state of ransomware as “Ransomware 2.0”. This term is used due to the increasing number of companies being affected by it on a daily basis. Hyppönen was also a member of the team that first discovered the Brain virus.

Hyppönen concluded his presentation at the RSA conference on June 10 by confirming that certain companies have successfully bounced back by switching to iPads or Chromebooks for their cybersecurity needs.

He concluded the discussion by emphasizing that companies must be proactive in safeguarding their data from criminals and cannot simply hide from the issue.
