$75 Million Record-Breaking Ransom Paid To Cybercriminals, Say Researchers

The staggering sum of US $75 million has reportedly been paid to a ransomware gang in what is believed to be the largest known ransom payment made by a cyber attack victim since records began. 

Researchers at Zscaler claim in a new report that the record-breaking figure was paid by an undisclosed Fortune 50 company to the Dark Angels ransomware group. 

The reported payment almost doubles the previous record – $40 million paid by insurance giant CNA Financial in 2021 after being locked out of its network by attackers using the Phoenix Locker ransomware. 

Dark Angels, which emerged in May 2022, has targeted a wide range of industries including healthcare, finance, government, and education. Most recently it has been seen launching attacks against large industrial, technological and telecoms companies. 

Through its Dunghill data leak site on the dark web, Dark Angels claims to be “an international team of technical specialists conducting research in the field of information security” that is “not interested in politics, and that is why we do not cooperate with governments and law enforcement agencies.” 

The truth is, of course, that Dark Angels’ way of making money is through extortion – threatening companies that their data will be leaked to the world if a ransom is not paid. 

Dark Angels, having compromised a company’s security, decide whether to encrypt a business’s files and then, more often than not, spend days or even weeks exfiltrating vast amounts of data. 

In the cases of larger businesses that have been infiltrated by the group, up to 100 TB of data may be stolen according to Zscaler’s researchers

In a high-profile incident reported by Bleeping Computer in September 2023, Dark Angels hit a multinational conglomerate, forcing it to shut down its IT systems, having encrypted the firm’s VMware ESXi virtual machines and claimed to have stolen over 27 TB of corporate data. 

Dark Angels reportedly demanded a US $51 million ransom from Johnson Controls in exchange for a decryption tool and to delete the files it had stolen. The company later reported in an SEC filing that the expense of investigating and remediating the attack, as well as losses caused by business disruption, had cost it over US $27 million

Faced with the headline of a company paying a record-breaking US $75 million ransom payment, many businesses may well be wondering how they would respond when presented with a demand from cybercriminals. 

Admittedly, it’s probably a great deal easier for a business to decide whether it should cough up tens of millions of dollars to a ransomware gang than ten thousand dollars – but the questions you need to ask yourself remain the same. 

We all know that the more businesses agree to pay a ransom, the more likely it is that cybercriminals will launch similar attacks against others in the future – as well as, perhaps, your company again.

At the same time, your company may feel it has no choice but to make the hard decision to pay. After all, the alternative may put the entire business at risk – and put the livelihoods of your staff, partners, and perhaps even clients at risk. 

Whatever your decision, I would say that it is essential to inform law enforcement agencies of the incident and work with them to help them investigate who might be behind the attacks.

Most importantly, remember that paying a ransom does not ensure that the security problem that allowed the attackers into your network in the first place no longer exists. If you don’t find out what went wrong – and why – and fix it, then you could easily fall victim to further ransomware attacks in the future.


Editor’s Note: The opinions expressed in this and other guest author articles are solely those of the contributor and do not necessarily reflect those of Tripwire.