Dark Angels hacking gang got ransom of $75 Million for Cencora Breach

Fortune 50 firm Cencora paid $75 million ransom to hacking group Dark Angels

2024-09-18 by Ndaman Olayinka

Hackers who carried out a cyberattack against the drug distributor Cencora Inc. were paid a total of $75 million, making it the largest known payment for cyber extortion ever made.

According to an article published by Bloomberg today, the hacking group Dark Angels carried out the biggest cryptocurrency heist in history following a cyberattack on Cencora. The report further stated that the payment for the Cencora hack was made in three Bitcoin installments in March, according to people familiar with the matter who declined to be named in order to discuss sensitive details.

The initial ransom demand was $150 million, but Pennsylvania-based Cencora paid $75 million. The cybersecurity company Zscaler Inc. and the blockchain analytics company Chainalysis Inc. announced in July that the hacking group Dark Angels had received the substantial payment, but they did not reveal who the victim was. This was the first indication of a $75 million ransom. The first official confirmation that the drug distributor was the hackers' victim comes from Bloomberg's reporting.

Brett Callow, a managing director at FTI Consulting, a large cybersecurity advisory services firm, said that paying $75 million was previously unthinkable. Callow explained that Bloomberg reported in 2021 on an insurance company, CNA Financial Corp., that had to pay $40 million to settle what was the highest known case of cyber extortion before the Cencora case.

Blockchain sleuth ZachXBT confirms with evidence that Cencora paid $75M to Dark Angels Hacking Group

ZachXBT, a blockchain expert, thinks he has discovered the on-chain payments made to Dark Angels. He wrote on X that he would reveal the BTC transactions for the $75M payment to Dark Angels ransomware group made by Cencora.

He stated that the Bloomberg report contains a number of hints that can be used to find possible on-chain payments, such as the three installments that happened in March 2024. Additionally, the funds for all three addresses came from the same source and went to addresses with a significant exposure to illicit funds.

Who Are the Dark Angels?

The hacking group Dark Angels has been identified as the number one ransomware actor to keep an eye on due to the serious threat the cybercrime group poses to businesses. Dark Angels is believed to be a Russian cybercrime syndicate that first surfaced in 2021 and has targeted businesses in the banking, healthcare, government, and educational sectors.

The gang gained prominence in May 2022, and it runs a related data leak site that is appropriately named Dunghill. At the time, threat intelligence experts at Cyble stated that Dark Angels was simply the Babuk ransomware family rebranded. However, the most prominent attack in the group's brief history as a hacking entity was carried out the following year.

The group uses a very focused strategy, usually going after a single large corporation at a time, according to a report published by Zscaler. Cybersecurity vendor SentinelOne said that threat actors locked the VMware ESXi servers of the automation and manufacturing company Johnson Controls in September 2023 using the Dark Angels ransomware. Zscaler ThreatLabz researchers claimed that, after the attackers allegedly stole 27 terabytes of company data, a $51 million ransom demand was made; however, it has not been confirmed whether any money was paid.

Security company Zscaler ThreatLabz revealed in August that Dark Angels was the leading ransomware threat for 2024 after learning that an unidentified company had paid out $75 million after a data breach.

Chainalysis reports that 2024 is expected to record the highest ransomware revenue ever

Chainalysis reports that the total amount of ransom payments is increasing. According to an August report from Chainalysis, the median ransom payment made for the most severe strains of ransomware was $1.5 million in June, up from just under $200,000 at the beginning of the year. The company stated that the total amount of ransom payments in 2024 will surpass the $1 billion record set last year.
