Zscaler uncovers a record-breaking $75M ransom payment to the Dark Angels cybergang

Cybersecurity firm Zscaler has made a staggering revelation. According to the company’s annual ransomware report, an unidentified Fortune 50 company paid a ransom of $75 million to the Dark Angels ransomware group marking the largest known ransom payment ever made – nearly double the highest publicly known ransomware payout.

Remarkably, the gang did not even bother encrypting the victim's data, opting instead to go straight for extortion by threatening to leak the stolen information. The unnamed corporation's hefty payout was made in cryptocurrency, as confirmed by blockchain analysis firm Chainalysis.

About Dark Angels ransomware group

Dark Angels is a relatively new ransomware group that emerged in May 2022. Unlike many ransomware operations that use a scattergun approach to maximize their impact, this group employs a more selective strategy, targeting one major organization at a time.

Dark Angels has distinguished itself from other ransomware groups by not relying on affiliates or outside help. Instead, the group meticulously plans and executes its attacks, often quietly exfiltrating data over several weeks before making their ransom demands.

This strategy was evident in their September 2023 attack on international conglomerate Johnson Controls, where they demanded a $51 million ransom after encrypting the company’s data using a RagnarLocker variant.

Implications for Cybersecurity and Insurance

The Dark Angels' approach signals a growing trend in the cybercriminal world, moving from broad, opportunistic attacks to precise, high-stakes heists. According to Stone-Gross, this method can be particularly lucrative when targeting companies with significant cyber insurance policies.

By identifying the insurance limits of their victims, Dark Angels can tailor their ransom demands to maximize their payouts, knowing insurers may prefer to settle rather than deal with the fallout of a data breach.

"When they hit companies, they search for the relevant data and check how much the firm's insurance policy is set to pay out, be it $5 million, $10 million or more," Stone-Gross explained. "They can then say to the victim: 'We know your policy value, pay it up to the limit.'

Insurers are also a factor in the decision to pay," he added, noting that paying the ransom might be seen as a cost-effective solution compared to the potential legal and reputational damage of leaked data.

In its report, Zscaler noted that there’s been an 18% overall increase in ransomware attacks year-over-year which makes ransomware defense a top priority for CISOs in 2024.

“The increasing use of ransomware-as-a-service models, along with numerous zero-day attacks on legacy systems, a rise in vishing attacks, and the emergence of AI-powered attacks, has led to record-breaking ransom payments,” said Deepen Desai, Chief Security Officer at Zscaler. “Organizations must prioritize Zero Trust architecture to strengthen their security posture against ransomware attacks.”