Dark Angels: The Ransomware Group That Defies Convention
A Fortune 50 company made headlines earlier this year by paying $75 million to Dark Angels, a notorious cybercriminal group. This record-breaking ransom payment far surpasses any previous known payouts in history, showcasing the group’s unique tactics and effectiveness.
While other companies have also fallen victim to ransomware attacks, such as CNA Financial, JBS, and Caesars Palace, none have come close to the astronomical sum paid to Dark Angels. This large organization, whose identity remains undisclosed, decided to meet the hefty demand, as reported in Zscaler’s annual ransomware report.
Unveiling Dark Angels’ Modus Operandi
Dark Angels emerged in May 2022, targeting high-profile entities like S&P 500 companies across various industries. Their approach involves attacking fewer but more lucrative targets, as exemplified by their breach of Johnson Controls International (JCI) and subsequent ransom demand of $51 million.
Unlike traditional ransomware groups, Dark Angels sets itself apart by eschewing ransomware-as-a-service models and utilizing existing encryptors like Ragnar Locker and Babuk. Their success hinges on meticulously selecting targets and exfiltrating massive amounts of sensitive data, often in the range of tens of terabytes.
The Enigma of Dark Angels
Dark Angels’ subtlety and aversion to the limelight enable them to operate discreetly and secure higher returns on their illicit activities. They often refrain from encrypting victims’ data, allowing the victim’s business to keep running normally while the ransom is negotiated and paid quietly.
Despite challenging conventional wisdom, Dark Angels’ strategy proves effective in extorting hefty sums from companies eager to resolve their breaches swiftly. Their unique approach poses a formidable challenge to cybersecurity experts and raises concerns about the future of ransomware attacks.
Countering Dark Angels’ Threat
Zscaler’s report warns that other ransomware groups may emulate Dark Angels’ tactics to target high-value victims and maximize financial gains. However, the group’s Achilles’ heel lies in the time-consuming process of exfiltrating massive volumes of data, providing opportunities for vigilant companies to thwart their operations.
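One way a defender can act on that window, as an added example that is not part of the Zscaler report or this article: a small Python script that aggregates outbound flow volume per host and flags hosts whose transfer volume dwarfs their historical baseline, recording how long the transfer has been running and how many destinations it went to. The flow records, host names, destination addresses (from the 203.0.113.0/24 documentation range) and per-host baselines are all constructed for the example; in practice the records would come from NetFlow, proxy or firewall logs and the baselines from a few weeks of history.

```python
"""Flag hosts whose outbound volume looks like bulk data staging or exfiltration.

Added illustrative example. All flow records and baselines below are constructed.
"""
from datetime import datetime

TB = 10**12

# Constructed sample flows: "timestamp,src_host,dst_ip,bytes_out", one line per
# aggregated outbound flow for a single day.
SAMPLE_FLOWS = """\
2024-06-01T01:00:00,fileserver-01,203.0.113.10,500000000000
2024-06-01T04:00:00,fileserver-01,203.0.113.10,500000000000
2024-06-01T08:00:00,fileserver-01,203.0.113.10,500000000000
2024-06-01T12:00:00,fileserver-01,203.0.113.10,500000000000
2024-06-01T16:00:00,fileserver-01,203.0.113.10,500000000000
2024-06-01T19:00:00,fileserver-01,203.0.113.10,500000000000
2024-06-01T09:00:00,workstation-07,203.0.113.25,30000000000
2024-06-01T10:00:00,workstation-07,203.0.113.25,20000000000
2024-06-01T22:00:00,backup-02,203.0.113.40,2500000000000
2024-06-01T23:00:00,backup-02,203.0.113.40,2500000000000
"""

# Constructed baselines: typical outbound bytes per day for each host
# (hypothetically derived from 30 days of prior flow history).
BASELINE_BYTES_PER_DAY = {
    "fileserver-01": 200 * 10**9,   # 200 GB/day is normal
    "workstation-07": 2 * 10**9,    # 2 GB/day is normal
    "backup-02": 6 * TB,            # offsite backup host legitimately moves ~6 TB/day
}


def parse_flows(text):
    """Parse CSV-style flow lines into (timestamp, src_host, dst_ip, bytes) tuples."""
    flows = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, src, dst, nbytes = line.split(",")
        flows.append((datetime.fromisoformat(ts), src, dst, int(nbytes)))
    return flows


def summarize_outbound(flows):
    """Aggregate per source host: total bytes, first/last seen, distinct destinations."""
    stats = {}
    for ts, src, dst, nbytes in flows:
        s = stats.setdefault(src, {"bytes": 0, "first": ts, "last": ts, "dsts": set()})
        s["bytes"] += nbytes
        s["first"] = min(s["first"], ts)
        s["last"] = max(s["last"], ts)
        s["dsts"].add(dst)
    return stats


def flag_exfil_candidates(flows, baselines, ratio_threshold=10.0, high_floor_bytes=1 * TB):
    """Return hosts whose outbound volume is at least ratio_threshold times their baseline.

    Severity is "high" when the absolute volume also exceeds high_floor_bytes (bulk
    exfiltration of the kind described in the article), otherwise "watch".
    Hosts without a baseline are skipped here; a real deployment should alert on
    them separately rather than silently ignore them.
    """
    findings = []
    for host, s in summarize_outbound(flows).items():
        baseline = baselines.get(host)
        if not baseline:
            continue
        ratio = s["bytes"] / baseline
        if ratio < ratio_threshold:
            continue
        findings.append({
            "host": host,
            "bytes": s["bytes"],
            "ratio": ratio,
            "hours": (s["last"] - s["first"]).total_seconds() / 3600,
            "destinations": sorted(s["dsts"]),
            "severity": "high" if s["bytes"] >= high_floor_bytes else "watch",
        })
    findings.sort(key=lambda f: f["bytes"], reverse=True)
    return findings


if __name__ == "__main__":
    for f in flag_exfil_candidates(parse_flows(SAMPLE_FLOWS), BASELINE_BYTES_PER_DAY):
        print(f"{f['severity']:5} {f['host']:15} {f['bytes'] / TB:6.2f} TB "
              f"({f['ratio']:.0f}x baseline over {f['hours']:.0f} h) -> {f['destinations']}")
```

With the constructed input, the file server is reported as "high" (3 TB to one external address over 18 hours, fifteen times its baseline) and the workstation as "watch" (50 GB, a large multiple but small in absolute terms), while the backup host stays quiet because its volume is within its own baseline. The duration field is the part that matters for the point the report makes: a transfer of tens of terabytes cannot finish in minutes, so a host that keeps tripping this check across consecutive days toward the same destination is the signal worth escalating, and keeping the baseline per host rather than global is what stops legitimate bulk movers like the backup server from drowning the alert.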