Largest Ransom Ever Paid: Fortune 50 Co pays Unprecedented $75 Million

A Fortune 50 company paid an astonishing $75 million to ransomware attackers earlier this year, said the Zscaler ThreatLabz Ransomware Report 2024. While Zscaler has kept the name of the Fortune 50 company which paid the ransom under wraps, this payment is the highest confirmed ransom payout in history.

The recipient of this record-breaking sum in cryptocurrency is a ransomware group known as Dark Angels. The payment value in dollar terms was also confirmed by crypto intelligence company Chainalysis. 

This massive ransom payment highlights the increasing financial stakes in cybersecurity attacks. It is likely to imbue ransomware attackers with the possibility of actually making never-seen-before sums of money through their malicious activities. 

Previously, many high-profile organisations have succumbed to ransomware demands to keep their businesses going. But these payments are dwarfed by the humongous $75 million figure.   

Previous high-profile ransom payments include: 

• 2021: CNA Financial reportedly paid $40 million to Russian hacktivist group Phoenix, according to Varonis. 
• 2021: JBS paid $11 million to resolve a factory disruption.
• 2023: Caesars Palace paid $15 million to end a ransomware attack. 
  
  

How Dark Angels Made Ransomware History? 

There’s a number of things Dark Angels does differently from traditional ransomware gangs. Some of these things are what have probably helped them corner their victims into paying such huge ransoms. Their primary differentiator is how subtle and silent they are. There’s no overt disruption to the business, no threatening messages that will attract attention - it’s all done very stealthily and that’s why they’ve been winning.   

Here are a few quick points on Dark Angels: 

1. Dark Angels was launched in May 2022. 
   
   
2. It doesn’t operate as a ransomware-as-a-service. It doesn’t even have its own malware strain. 
   
   
3. It usually borrows encryptors. 
   
   
4. It steals massive amounts of data from its victims, in the range of 1-100 TB. 
   
   
5. It has recently attacked several organisations from technology, manufacturing to large telecommunications companies. 
   
   
6. Its data leak site is called ‘Dunghill Leaks’ that it uses to extort victims. Again, to be noted here, the site isn’t at all flashy unlike many others. 
   
   
7. As the Zscaler researchers put it, "The Dark Angels group employs a highly targeted approach, typically attacking a single large company at a time." This tactic is also being dubbed as the ‘Big Game Hunting’ tactic which is now being replicated by ransomware gangs across the world.  
   
   
8. The group often won’t encrypt victim data. No downtime in operations means the victim has more to pay in ransom just to shove the data breach quietly under the rug. 

The worrying part is that every ransomware attacker in the world is now going to be studying the tactics adopted by Dark Angels to emulate their success. They’re all likely going to focus on high-yield, high-value targets.  'Big Game Hunting' is a moniker that's about to explode in the world of cybersecurity. 

What’s the Lesson here? 

The resounding lesson, here, of course is the urgent need for enhanced cybersecurity strategies across major enterprises to combat increasingly sophisticated cyber criminals.

It’s also worthy to note that Dark Angels has one weak point - it usually infiltrates tens of terabytes of data- which can take weeks. 

If an organisation is able to stop this ransomware group in their tracks, it’s possible they could avert danger to a large extent. But how would you achieve that? By implementing the entire suite of security best practices that everyone talks about but seldom prioritises with desperate urgency. That’s correct. This colossal ransom payout is expected to create a desperate sense of urgency in CISOs and business leaders across the world and that may not necessarily be a bad thing. 

It’s time to implement robust, updated cybersecurity measures to protect against future threats. It's time to focus on building cyber resilience with effective Cyber Incident Response training and Cyber Tabletop Exercises. Get your Cyber Incident Response Plans in order and review, refine and update those ransomware checklists. 

Here’s what you can do today to make sure you’re able to protect yourself as far as possible from the damaging effects of ransomware attacks: 

1. Regularly Update Software: Ensure all systems and applications are up-to-date with the latest security patches to close vulnerabilities that ransomware could exploit.  
2. Implement Robust Backup Solutions: Regularly backup critical data and store backups offline to ensure you can restore systems without paying a ransom. This takes much of the power out of the hands of the ransomware attacker.
3. Use Multi-Factor Authentication (MFA): Strengthen security by requiring multiple forms of verification to access sensitive systems. This makes it considerably harder for attackers to gain entry. 
4. Employee Training and Awareness: Educate employees on recognizing phishing attempts and other common attack vectors to prevent inadvertent malware installation. 
5. Deploy Advanced Security Tools: Utilise antivirus, anti-malware, and endpoint detection and response (EDR) solutions to detect and mitigate ransomware threats proactively.

Download our FREE ransomware resources on Ransomware Mitigation and Ransomware Response. Agile response and effective mitigation can help you avoid being in a spot where ransomware negotiations and payments seem like the only option. Because remember, never ever negotiate with ransomware criminals and never pay the ransom. There are no guarantees that you’ll be safe and your data protected even if you pay an ungodly amount.