Fortune 50 Ransomware Victim Pays an Eye-Watering $75 Million



75-mil-ransomwareThe Dark Angels ransomware group got paid a staggering $75 million ransom from an undisclosed Fortune 50 victim.

This eye-watering sum shatters the previous record of $40 million paid by insurance giant CNA Financial in 2021, setting a new and alarming benchmark in the ransomware landscape.

The revelation comes from the latest ZScaler ThreatLabz ransomware report, which paints a grim picture of the current state of cybersecurity. Chainanalysis, a cryptocurrency tracking firm, also confirmed it spotted the $75 million payment to Dark Angels.

Focuses On One Large Company At A Time

Compared to other ransomware groups, Dark Angels stands out by focusing on a "single large company at a time,” and demanding a high sum, Zscaler says. “This is in stark contrast to most ransomware groups, which target victims indiscriminately and outsource most of the attack to affiliate networks."

For instance, Zscaler reported that in September 2023, Dark Angels breached an international conglomerate specializing in building automation systems and other services. The group stole 27TB of corporate data while encrypting the company’s VMware ESXi virtual machines and subsequently demanded a $51 million ransom.

93 Percent Increase in Ransomware Attacks Targeting the U.S

According to the report, ransomware attacks have surged by 18% YoY, with healthcare, manufacturing, and technology sectors bearing the brunt of these malicious activities. Particularly concerning is the manufacturing sector, which has experienced more than double the attacks compared to the other two industries combined.

Geographically, the United States remains the prime target for ransomware attacks, accounting for nearly half of all incidents worldwide. The UK follows closely behind. What is even more alarming is the 93% increase in ransomware attacks targeting the U.S. compared to the previous year, highlighting the urgent need for improved cybersecurity measures across the nation.

The Impact of Major Ransomware Groups

While the Dark Angels group may not be a household name like some of their more notorious counterparts, their recent payday certainly puts them in the spotlight. The cybercrime landscape is constantly shifting, with new groups emerging and others fading away. ZScaler has tracked a total of 391 ransomware gangs over the years, with 19 new ones identified between April 2023 and April 2024 alone.

Despite law enforcement efforts to disrupt their operations, established ransomware groups continue to dominate the scene. LockBit remains at the top of the list, followed by BlackCat (ALPHV), 8Base, Play, and Clop. These groups consistently demonstrate their ability to adapt and evolve, staying one step ahead of security measures.

The record-breaking ransom paid to the Dark Angels group serves as a stark reminder of the critical importance of security awareness and training. As ransomware attacks grow in both frequency and severity, organizations must prioritize educating their employees about potential threats and best practices for prevention. 

Looking Ahead: 2025 Predictions

1) As ransomware threats evolve, several key trends are set to shape the cybersecurity industry in 2025, as highlighted in the ransomware report. Among these trends, one section that caught everyone’s attention is the rise of highly targeted attack strategies. Groups like Dark Angels are setting a precedent by focusing on a few high-value targets for substantial ransoms, which may influence other threat actors to adopt similar approaches.

2) Another trend is the use of voice-based social engineering by specialized initial access brokers such as Qakbot and Scattered Spider, who will likely continue to exploit this tactic to infiltrate corporate networks.

3) Generative AI is expected to play a significant role in ransomware attacks, enabling threat actors to create more convincing and personalized attacks, including AI-generated email and voice impersonations. 

4) High-volume data exfiltration attacks, which exploit the fear of data leaks rather than relying on encryption are expected to rise. The healthcare sector will remain a prime target due to its valuable data, necessitating enhanced security measures.

International collaboration is crucial in disrupting global ransomware networks and combating cybercrime effectively. KnowBe4 empowers your workforce to make smarter security decisions every day. Over 65,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.

ZScaler has the full story


Free Ransomware Simulator Tool

Threat actors are constantly coming out with new strains to evade detection. Is your network effective in blocking all of them when employees fall for social engineering attacks?

KnowBe4’s "RanSim" gives you a quick look at the effectiveness of your existing network protection. RanSim will simulate 24 ransomware infection scenarios and 1 cryptomining infection scenario and show you if a workstation is vulnerable.

RansIm-Monitor3Here's how it works:

  • 100% harmless simulation of real ransomware and cryptomining infections
  • Does not use any of your own files
  • Tests 25 types of infection scenarios
  • Just download the install and run it 
  • Results in a few minutes!

Get RanSim!

PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

https://www.knowbe4.com/ransomware-simulator

Topics: Ransomware



Subscribe to Our Blog


Comprehensive Anti-Phishing Guide




Get the latest about social engineering

Subscribe to CyberheistNews