The latest Zscaler ThreatLabz report has uncovered a new record in the world of ransomware, with a previously unheard-of $75 million ransom demand made by a group known as the Dark Angels.
What happened
The Dark Angels, a relatively new ransomware gang that first appeared on the radar in May 2022, have quickly made a name for themselves as one of the most formidable threats in cybersecurity. According to the Zscaler report, the group targeted an unnamed company in September 2023, locking down their VMWare ESXi servers and stealing an alleged 27 terabytes of corporate data.
The Dark Angels' ransom demand was $51 million, which, if paid, would have eclipsed the previous record of $40 million paid by insurance giant CNA Financial in 2021. While it remains unconfirmed whether the victim actually paid the ransom, the mere existence of such a high demand proves the growing audacity and ambition of these cybercriminal groups.
Going deeper
The Dark Angels' approach sets them apart from many other ransomware gangs. Instead of indiscriminately targeting a large number of victims, the group takes a highly selective and targeted approach, focusing on a small number of high-value organizations. According to Zscaler researchers, this targeted strategy likely contributes to their ability to demand exceptionally high ransom amounts.
What was said
Ryan McConechy, the chief technology officer of Barrier Networks, noted that the high ransom demand made by the Dark Angels is likely a reflection of their thorough research into the target's financial capabilities. "Attackers will often research a target's accounts to set the ransom at a figure it can afford," he said, "which is also slightly lower than the cost of operational downtime and rebuilding systems from scratch."
Why it matters
The emergence of the Dark Angels and their record-breaking ransom demand reminds us of the escalating arms race between cybercriminals and the organizations they target. As these groups become more sophisticated and their demands grow more audacious, the stakes for businesses and individuals alike continue to rise.
FAQs
What is ransomware?
Ransomware is malware that holds a victim's data hostage by encrypting it or restricting access to the system. The attackers then demand a ransom in exchange for the decryption key or the restoration of system access.
What can organizations do to protect themselves from ransomware attacks?
Experts recommend a multi-layered approach to ransomware defense, including people-focused initiatives, advanced processes, and the deployment of the latest security technologies. Proactive measures to prevent initial access and minimize attack surfaces are necessary in the fight against these threats.
How can the cybersecurity community respond to the growing ransomware crisis?
Collaboration, information sharing, and the development of new defensive strategies will be fundamental in the ongoing battle against ransomware. Governments, security vendors, and organizations must work together to stay ahead of the constantly changing tactics employed by cybercriminal groups like the Dark Angels.
Farah Amod
