Zscaler is aware of a company that paid a record-breaking $75 million ransom to the Dark Angels ransomware group, the cybersecurity firm revealed in its ThreatLabz 2024 Ransomware Report.
Data collected by the company between April 2023 and April 2024 shows an 18% year-over-year increase in ransomware attacks, according to the report.
As for the record-breaking ransom payment, the company said it was paid by an unnamed victim in early 2024. According to Zscaler, $75 million is nearly double the highest publicly known ransom payment.
The list of companies that reportedly paid large ransoms in the past includes CNA Insurance ($40 million), CDK Global ($25 million) and Change Healthcare ($22 million).
The cybersecurity industry and governments often advise against paying a ransom as that only encourages hackers to launch more attacks, and victims that pay up are often targeted a second time.
Dark Angels emerged in May 2022 and is known for operating a data leak site called Dunghill. The ransomware group is known for attacks on major organizations. One of its targets was Johnson Controls, from which the hackers reportedly demanded a $51 million ransom.
The cybercrime group is also known for stealing vast amounts of information from victims — in the case of Johnson Controls, they claimed to have stolen 27 Tb worth of files.
“The Dark Angels group employs a highly targeted approach, typically attacking a single large company at a time. This is in stark contrast to most ransomware groups, which target victims indiscriminately and outsource most of the attack to affiliate networks of initial access brokers and penetration testing teams,” Zscaler said.
“The Dark Angels ransomware group’s strategy of targeting a small number of high-value companies for large payouts is a trend worth monitoring,” the company added.
In its latest Monthly Threat Pulse report, NCC Group reported a drop in ransomware attacks. The company saw a significant decrease in LockBit attacks.
In the previous month, NCC reported that LockBit had again become the most active ransomware gang, but questioned whether it was a real surge or a smokescreen meant to hide the true impact of the law enforcement operation aimed at the cybercrime operation.